Difference between revisions of "OWASP Newsletter 15"

From OWASP
Jump to: navigation, search
m (OWASP Newsletter #15 (xx-March-2008))
(Featured Item: OWASP Summer of Code 2008 - 35 uploaded applications)
 
(26 intermediate revisions by 4 users not shown)
Line 1: Line 1:
==  OWASP Newsletter #15 (xx-March-2008) ==
+
==  OWASP Newsletter #15 (28-March-2008) ==
Welcome to the 15th edition of the OWASP Newsletter, featuring the OWASP NYC AppSec 2008 Conference, OWASP Week 2008, and the TBD Project.
+
Welcome to the 15th edition of the OWASP Newsletter, featuring the OWASP NYC AppSec 2008 Conference, OWASP Week 2008, and the OWASP Guide 3.0 Development Resumes.
 
+
  
 
As always, if you have any content to add to the next edition, please feel free to add it directly to its WIKI page [[OWASP Newsletter 16]].
 
As always, if you have any content to add to the next edition, please feel free to add it directly to its WIKI page [[OWASP Newsletter 16]].
  
 +
Alison McNamee - OWASP Operations Director - Tel: 301-575-0197 - eMail: Alison.mcnamee@owasp.org
  
Alison McNamee - OWASP Operations Director - Alison.mcnamee@owasp.org
+
== Featured Item: OWASP Europe AppSec 2008 Conference==
 +
 
 +
The [https://www.owasp.org/index.php/AppSecEU08 OWASP Europe AppSec 2008 Conference] will take place on <b>May 19th-22nd</b>.  After successful OWASP Conferences in the United States and Europe, we are back in Belgium: 5 tutorials and 2 conference tracks in the historic center of Ghent! The conference is stuffed with top notch presentations from industry recognised speakers and technical experts on the latest application security risks and trends.
 +
 
 +
Amongst the 30+ speakers are Mark Curphey, Dinis Cruz, Ivan Ristic, Petko (pdp) Petkov, Brian Chess and Gary McGraw!
 +
 
 +
Registration for training and attendees will open up on April 1st, 2008. For full details on the event click [https://www.owasp.org/index.php/AppSecEU08 here].
  
 
== Featured Item: OWASP NYC AppSec 2008 Conference==
 
== Featured Item: OWASP NYC AppSec 2008 Conference==
  
This is going to be the biggest OWASP event yet!!  The OWASP NYC AppSec 2008 Conference will take place on Tuesday, October 7th to Thursday, October 10th.  There will be two days of seminars and technology expos, and two days of hands-on training.  The conference will be held at Pace University in downtown New York City, and has the capacity for up to 1,000 people!!
+
The [https://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference OWASP NYC AppSec 2008 Conference] will take place on <b>October 7th-10th</b>At this event, there will be two days of Multi-track Seminars, Capture the Flag, two days of Hands-On Training and a Vendor Exhibit.  The conference will be held downtown <b>New York City</b> with the capacity for up to <b>1,000 attendees</b> register early!
 +
<br>
 +
<br>
 +
Registration for training and attendees will open up on April 1st, 2008. For full details on the event, to submit a talk or for more information on sponsorship opportunities click [https://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference here].
 +
 
 +
 
 +
== Featured Item: OWASP Week 2008==
 +
 
 +
Following the success of OWASP Day in 2007, this year we have decided to have the first ever OWASP Week! This will take place between March 30th and April 4th.  To see what chapters are participating, please go to [[OWASP_Week_April_08]].
 +
 
 +
== Featured Project: OWASP Guide 3.0 Development Resumes==
 +
 
 +
Andrew van der Stock, the OWASP Guide Project Lead, is calling for volunteers to re-factor the OWASP Guide to be solely about secure architecture and coding using ESAPI. This will help distinguish the Guide from our other major documents:
 +
 
 +
* The Guide will become solely about coding securely using ESAPI with J2EE, .NET and PHP
 +
* The Code Review Guide is about reviewing web apps
 +
* The Testing Guide is about testing web apps
 +
 
 +
Andrew is looking for volunteers to take on individual chapters. There are 16 chapters, and each should take one person about a month to re-factor, followed by a few months for peer review, QA, diagrams, and final acceptance. The goal is to release the final OWASP Guide 3.0 at the OWASP US Conference in late 2008.
  
Registration will open up on April 1st.  Don't miss this one!
+
If you're interested, please join the owasp-guide mail list:
  
For more details click [https://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference here].
+
https://lists.owasp.org/mailman/listinfo/owasp-guide
  
== Featured Project: TBD ==
+
Once joined, please post to the list with an introduction and a list of which chapters you'd are interested in taking on. If you've previously volunteered, please just say so and priority will be given to your chapter choices.
  
 +
== Featured Item: OWASP Summer of Code 2008 - 35 uploaded applications ==
 +
{| class="wikitable" style="text-align:center"
 +
|-
 +
| align="CENTER"|[[Image:SoC 08 Logo Small.jpg|center]]
 +
| align="left"|
 +
* The submission period for [[OWASP Summer of Code 2008|OWASP Summer of Code 2008]] applications finished off on 25th March.
 +
* The open-source software community has answered positively [[OWASP Summer of Code 2008 Applications|uploading 35 applications]].
 +
* We thank everybody who has applied.
 +
* We announce a two-week-delay in the assessment of OWASP Summer of Code’s 2008 applications. We are now planning to deliver our assessment on the 16th April. Hence, the whole SoC’s 2008 schedule will be postponed two weeks.
 +
** Having carefully analysed the set of 35 applications, we have decided to request that 18 applicants adjust their proposals. [[OWASP Summer of Code 2008 Applications - Need Futher Clarifications|These 18 applications can be found here]].
 +
*** For each one, we have posted a couple of recommendations. Consequently, we ask that each applicant answer just below our recommendations, whether or not they are accepted. If so, please leave a clear note of it and modify accordingly your applications in the same wiki page.
 +
*** We also recommend that applicants state positions by the 9th of April.
 +
** The remaining set of applications can be found on either the [http://spreadsheets.google.com/pub?key=pAX6n7m2zaTXckoJGOB0_LA Majority Vote Page] or [http://spreadsheets.google.com/pub?key=pAX6n7m2zaTXfkbcvHAVnUA&gid=0 Selection Criteria Page]. Although the new official date to announce the SoC’s 2008 is now the 16th of April, we will post our assessment as soon as it has been reached. At this moment, the applicants can of course start working. However, we will return to all applicants later, once the assessment process has been totally completed, with further details.
 +
** We understand the inconvenience that this might cause and apologise for that. Although, as we are acting to improve the SoC’s final deliveries, we also ask for understanding and we thank in advance.
 +
|}
  
 
== Latest additions to the WIKI ==
 
== Latest additions to the WIKI ==
Line 24: Line 63:
 
==== New Pages====
 
==== New Pages====
  
 +
* [[OWASP_Backend_Security_Project_Tools]]
 +
* [[OWASP_OSG_Functional_Spec]]
 +
* [[.NET_Architect]]
 
* [[.Net_Project_Wishlist]]
 
* [[.Net_Project_Wishlist]]
 
* [[.NET_Project_ReOrg_Alpha]]
 
* [[.NET_Project_ReOrg_Alpha]]
Line 34: Line 76:
 
* [[OWASP_Board_Meetings_2-7-08]]
 
* [[OWASP_Board_Meetings_2-7-08]]
 
* [[Ajax_Frameworks]]
 
* [[Ajax_Frameworks]]
* [[OWASP_Summer_0f_Code_2008_:_Selection_Assessment_SoC_08_Application_2]]
 
* [[OWASP_Summer_0f_Code_2008_:_Selection_Assessment_SoC_08_Application_1]]
 
* [[OWASP_Summer_0f_Code_2008_:_Selection_Assessment_Type]]
 
  
 
====New Chapter Pages====
 
====New Chapter Pages====
Line 48: Line 87:
 
====Updated Pages====
 
====Updated Pages====
  
 +
* [[SpoC_007_-_OWASP_Site_Generator]]
 +
* [http://www.owasp.org/index.php/Category:OWASP_Flash_Security_Project OWASP Flash Security Project]
 +
* [[OWASP_.Net_Project_Roadmap]]
 +
* [http://www.owasp.org/index.php/Category:OWASP_DirBuster_Project OWASP DirBuster Project]
 +
* [http://www.owasp.org/index.php/Category:OWASP_Backend_Security_Project OWASP Backend Security Project]
 
* [[Testing_for_Cross_site_scripting]]
 
* [[Testing_for_Cross_site_scripting]]
 
* [[CSRF_Guard_2x_Roadmap]]
 
* [[CSRF_Guard_2x_Roadmap]]
Line 116: Line 160:
 
== OWASP references in the Media==
 
== OWASP references in the Media==
  
 +
* [http://www.computerweekly.com/blogs/stuart_king/2008/03/i-still-dabble-occassionally-w.html The First Rule of Programming: It's Always Your Fault]
 +
* [http://schmoil.blogspot.com/2008/03/owasp-esapi.html OWASP ESAPI]
 +
* [http://onelittlewindow.org/blog/?p=54 OWASP Enterprise Security API]
 +
* [http://www.wehuberconsultingllc.com/?p=10 OWASP-Ideas for unit testing web security]
 
* [http://therealcobracommander.blogspot.com/2008/03/top-10-reasons-web-sites-get-hacked.html Top 10 Reasons Web Sites get Hacked]
 
* [http://therealcobracommander.blogspot.com/2008/03/top-10-reasons-web-sites-get-hacked.html Top 10 Reasons Web Sites get Hacked]
 
* [http://duckdown.blogspot.com/2008/03/do-outsourcing-firms-write-secure-code.html Do Outsourcing Firms write secure code?]
 
* [http://duckdown.blogspot.com/2008/03/do-outsourcing-firms-write-secure-code.html Do Outsourcing Firms write secure code?]
Line 130: Line 178:
 
* [http://cincinnatirecruiter.wordpress.com/2008/03/02/february-owasp-top-10-exploits/ February OWASP Top 10 - Exploits]
 
* [http://cincinnatirecruiter.wordpress.com/2008/03/02/february-owasp-top-10-exploits/ February OWASP Top 10 - Exploits]
 
* [http://duckdown.blogspot.com/2008/02/exposing-ecm-security-vulnerabilities.html Exposing ECM Security Vulnerabilities]
 
* [http://duckdown.blogspot.com/2008/02/exposing-ecm-security-vulnerabilities.html Exposing ECM Security Vulnerabilities]
* [http://ha.ckers.org/blog/20080227/res-timing-file-enumeration-without-javascript-in-ie70/ Res timing file enumeration without javascript in ie7.0]
+
* [http://ha.ckers.org/blog/20080227/res-timing-file-enumeration-without-javascript-in-ie70/ Res timing file enumeration without  
 +
javascript in ie7.0]
 
* [http://www.smop.co.uk/blog/index.php/2008/02/25/fosdem/ FOSDEM]
 
* [http://www.smop.co.uk/blog/index.php/2008/02/25/fosdem/ FOSDEM]
 
* [http://mrtopf.de/blog/plone/planetplone/fosdem-2008-about-owasp/ About OWASP]
 
* [http://mrtopf.de/blog/plone/planetplone/fosdem-2008-about-owasp/ About OWASP]
 
* [http://www.publicradio.org/columns/futuretense/2008/02/index.shtml Why many popular website are risky]
 
* [http://www.publicradio.org/columns/futuretense/2008/02/index.shtml Why many popular website are risky]
 
+
* [http://owaspsoc2008.wordpress.com OWASP Summer of Code 2008's Blog]
 
=='''[https://www.owasp.org/index.php/Template:Application_Security_News Application Security News Feed]'''==
 
=='''[https://www.owasp.org/index.php/Template:Application_Security_News Application Security News Feed]'''==
  
* TBD
+
<owaspfeeddetails />

Latest revision as of 23:32, 31 March 2008

Contents

OWASP Newsletter #15 (28-March-2008)

Welcome to the 15th edition of the OWASP Newsletter, featuring the OWASP NYC AppSec 2008 Conference, OWASP Week 2008, and the OWASP Guide 3.0 Development Resumes.

As always, if you have any content to add to the next edition, please feel free to add it directly to its WIKI page OWASP Newsletter 16.

Alison McNamee - OWASP Operations Director - Tel: 301-575-0197 - eMail: Alison.mcnamee@owasp.org

Featured Item: OWASP Europe AppSec 2008 Conference

The OWASP Europe AppSec 2008 Conference will take place on May 19th-22nd. After successful OWASP Conferences in the United States and Europe, we are back in Belgium: 5 tutorials and 2 conference tracks in the historic center of Ghent! The conference is stuffed with top notch presentations from industry recognised speakers and technical experts on the latest application security risks and trends.

Amongst the 30+ speakers are Mark Curphey, Dinis Cruz, Ivan Ristic, Petko (pdp) Petkov, Brian Chess and Gary McGraw!

Registration for training and attendees will open up on April 1st, 2008. For full details on the event click here.

Featured Item: OWASP NYC AppSec 2008 Conference

The OWASP NYC AppSec 2008 Conference will take place on October 7th-10th. At this event, there will be two days of Multi-track Seminars, Capture the Flag, two days of Hands-On Training and a Vendor Exhibit. The conference will be held downtown New York City with the capacity for up to 1,000 attendees register early!

Registration for training and attendees will open up on April 1st, 2008. For full details on the event, to submit a talk or for more information on sponsorship opportunities click here.


Featured Item: OWASP Week 2008

Following the success of OWASP Day in 2007, this year we have decided to have the first ever OWASP Week! This will take place between March 30th and April 4th. To see what chapters are participating, please go to OWASP_Week_April_08.

Featured Project: OWASP Guide 3.0 Development Resumes

Andrew van der Stock, the OWASP Guide Project Lead, is calling for volunteers to re-factor the OWASP Guide to be solely about secure architecture and coding using ESAPI. This will help distinguish the Guide from our other major documents:

  • The Guide will become solely about coding securely using ESAPI with J2EE, .NET and PHP
  • The Code Review Guide is about reviewing web apps
  • The Testing Guide is about testing web apps

Andrew is looking for volunteers to take on individual chapters. There are 16 chapters, and each should take one person about a month to re-factor, followed by a few months for peer review, QA, diagrams, and final acceptance. The goal is to release the final OWASP Guide 3.0 at the OWASP US Conference in late 2008.

If you're interested, please join the owasp-guide mail list:

https://lists.owasp.org/mailman/listinfo/owasp-guide

Once joined, please post to the list with an introduction and a list of which chapters you'd are interested in taking on. If you've previously volunteered, please just say so and priority will be given to your chapter choices.

Featured Item: OWASP Summer of Code 2008 - 35 uploaded applications

SoC 08 Logo Small.jpg
  • The submission period for OWASP Summer of Code 2008 applications finished off on 25th March.
  • The open-source software community has answered positively uploading 35 applications.
  • We thank everybody who has applied.
  • We announce a two-week-delay in the assessment of OWASP Summer of Code’s 2008 applications. We are now planning to deliver our assessment on the 16th April. Hence, the whole SoC’s 2008 schedule will be postponed two weeks.
    • Having carefully analysed the set of 35 applications, we have decided to request that 18 applicants adjust their proposals. These 18 applications can be found here.
      • For each one, we have posted a couple of recommendations. Consequently, we ask that each applicant answer just below our recommendations, whether or not they are accepted. If so, please leave a clear note of it and modify accordingly your applications in the same wiki page.
      • We also recommend that applicants state positions by the 9th of April.
    • The remaining set of applications can be found on either the Majority Vote Page or Selection Criteria Page. Although the new official date to announce the SoC’s 2008 is now the 16th of April, we will post our assessment as soon as it has been reached. At this moment, the applicants can of course start working. However, we will return to all applicants later, once the assessment process has been totally completed, with further details.
    • We understand the inconvenience that this might cause and apologise for that. Although, as we are acting to improve the SoC’s final deliveries, we also ask for understanding and we thank in advance.

Latest additions to the WIKI

New Pages

New Chapter Pages

Updated Pages

Updated chapter pages:

New Documents & Presentations from chapters

For a complete list of chapter presentations see the online table of presentations.

OWASP references in the Media

javascript in ie7.0]

Application Security News Feed