Difference between revisions of "OWASP Newsletter 2"

From OWASP
(OWASP News Headlines (from owasp.org website))
(Featured Projects: {TBD})
Line 5: Line 5:
 
* [http://www.owasp.org/index.php/OWASP_Autumn_of_Code_2006_-_Projects:_Live_CD OWASP Live CD] Beta Release  - You can download it from [http://www.packetfocus.com/hackos| http://www.packetfocus.com/hackos ]
 
* [http://www.owasp.org/index.php/OWASP_Autumn_of_Code_2006_-_Projects:_Live_CD OWASP Live CD] Beta Release  - You can download it from [http://www.packetfocus.com/hackos| http://www.packetfocus.com/hackos ]
  
====  Featured Projects: {TBD} ====
+
====  Featured Projects ====
 +
 
 +
* [[OWASP WebScarab NG Project]] - Rogan has been very busy on the new version of WebScarab, which is not complete, but is already in a very usable state (I already prefer it to the current version). Rogan needs your help in testing this version and sending in your comments. Quote from [[OWASP WebScarab NG Project]]: ''WebScarab-NG is a complete rewrite of the old WebScarab application, with a special focus on making the application more user-friendly. To this end, WebScarab-NG makes use of the Spring Rich Client Platform to provide the user interface features. By using the Spring Rich Client Platform, WebScarab-NG automatically gains things like default buttons, keyboard shortcuts, support for internationalisation, etc.''
 +
 
 +
*  [[:Category:OWASP Testing Project]] - As per my last email to you, we have started a review process for new version of the OWASP Testing Guide v2 (which you can you can read it on line [http://www.owasp.org/index.php/OWASP_Testing_Guide_v2_Table_of_Contents  Testing Guide v2 wiki - 'Release Candidate 1'] or view it in in [http://www.owasp.org/index.php/Image:OWASP_Testing_Guide_v2_RC1_pdf.zip Adobe PDF format] or [http://www.owasp.org/index.php/Image:OWASP_Testing_Guide_v2_RC1_doc.zip Ms Doc format]). If you want to participate in this review see the [[OWASP_Testing_Project_v2.0_-_Review_Guidelines]] page.
  
 
==== Featured Story: Two free Java EE filters for CSRF, Reflected XSS, and Adobe XSS====
 
==== Featured Story: Two free Java EE filters for CSRF, Reflected XSS, and Adobe XSS====
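
Review bot: the added Testing Project bullet has duplicated words ("which you can you can read it on line", "view it in in") and a missing article in "for new version of the OWASP Testing Guide v2"; suggest rewording to "which you can read online at ... or view in Adobe PDF format or MS Doc format". The same bullet opens with "*  [[" (two spaces after the asterisk) while the WebScarab bullet uses "* [[", so the spacing is worth normalising before this goes out as a newsletter.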

Revision as of 06:10, 16 January 2007

This page will be used for the next newsletter, following the same format as OWASP Newsletter 1.

OWASP News

Featured Projects

  • OWASP WebScarab NG Project - Rogan has been very busy on the new version of WebScarab, which is not complete, but is already in a very usable state (I already prefer it to the current version). Rogan needs your help in testing this version and sending in your comments. Quote from OWASP WebScarab NG Project: "WebScarab-NG is a complete rewrite of the old WebScarab application, with a special focus on making the application more user-friendly. To this end, WebScarab-NG makes use of the Spring Rich Client Platform to provide the user interface features. By using the Spring Rich Client Platform, WebScarab-NG automatically gains things like default buttons, keyboard shortcuts, support for internationalisation, etc."

Featured Story: Two free Java EE filters for CSRF, Reflected XSS, and Adobe XSS

OWASP contributors from Aspect Security have developed two new Java EE filters to protect against common web attacks. Just add a few lines to your web.xml file and enjoy the protection.

  • CSRF and Reflected XSS Filter for Java EE - This filter adds a random token to forms and URLs, which prevents an attacker from executing both CSRF and reflected XSS attacks.
  • Adobe XSS Filter for Java EE - This filter protects against the recent XSS attacks on PDF files. By using a redirect and an encrypted token, this filter ensures that dangerous attacks are not passed into the Adobe Reader plugin.

Latest Blog Entries

As posted in blogs.owasp.org

Latest additions to the WIKI

New pages

Edited Pages

OWASP Community


Application Security News (from Owasp.org)

Jan 10 - Vulnerability Disclosure: The Good, the Bad and the Ugly
More than a decade into the practice of vulnerability disclosure, where do we stand? Are we more secure? Or less? Three good articles: "Microsoft: Responsible Vulnerability Disclosure Protects Users", "Schneier: Full Disclosure of Security Vulnerabilities a 'Damned Good Idea'", "The Vulnerability Disclosure Game: Are We More Secure?" and "The Chilling Effect".