Difference between revisions of "OWASP Newsletter 5"

(New Pages)
(Latest additions to the WIKI)
Line 37: Line 37:
 
==== Updated pages====  
 
==== Updated pages====  
 
==== New Documents & Presentations from chapters====  
 
==== New Documents & Presentations from chapters====  
 +
 +
From the last Israeli chapter meeting:
 +
* [[media:OWASP_IL_Source_Code_Analysis_and_Application_Security.pdf|Source Code Analysis and Application Security - Cheating the Maze]] - Maty Siman, Founder & CTO, [http://www.checkmarx.com/ Checkmarx]
 +
* [[media:OWASP_IL_WCF_Security.pdf|Security Implications of .Net 3.0 and the Windows Communication Foundation (WCF)]] - Emmanuel Cohen-Yashar (Manu), Senior .NET technology consultant, [http://www.sela.co.il Sela Group]
 +
* [[media:OWASP_IL_The_Universal_XSS_PDF_Vulnerability.pdf|Analysis of the Universal XSS PDF vulnerability - Cause, Solutions and Fun Stuff]] - Ofer Shezaf, CTO, [http://www.breach.com Breach Security], Leader of OWASP IL
 
==== Latest Blog entries====
 
==== Latest Blog entries====
 
* [UAC not a security feature http://blogs.owasp.org/diniscruz/2007/02/15/uac-not-a-security-feature/]
 
* [UAC not a security feature http://blogs.owasp.org/diniscruz/2007/02/15/uac-not-a-security-feature/]
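Review bot: The UAC entry on the context line under "Latest Blog entries" has its label before the URL (`[UAC not a security feature http://blogs.owasp.org/...]`), while the other blog entries on this page use the `[URL label]` order, so this one will not render as a labelled link. Since this revision is already reorganising the neighbouring section, swap the two parts so the URL comes first.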
Line 44: Line 49:
 
* [http://blogs.owasp.org/mike/2007/02/12/interesting-article/ Interesting Article]  
 
* [http://blogs.owasp.org/mike/2007/02/12/interesting-article/ Interesting Article]  
 
* [http://blogs.owasp.org/orizon/2007/02/05/version-010/ Version 0.10]  and [http://blogs.owasp.org/orizon/2007/02/06/8/ First public release] (Orizon)
 
* [http://blogs.owasp.org/orizon/2007/02/05/version-010/ Version 0.10]  and [http://blogs.owasp.org/orizon/2007/02/06/8/ First public release] (Orizon)
 
From the last Israeli chapter meeting:
 
 
[[media:OWASP_IL_Source_Code_Analysis_and_Application_Security.pdf|Source Code Analysis and Application Security - Cheating the Maze]] - Maty Siman, Founder & CTO, [http://www.checkmarx.com/ Checkmarx]
 
 
[[media:OWASP_IL_WCF_Security.pdf|Security Implications of .Net 3.0 and the Windows Communication Foundation (WCF)]] - Emmanuel Cohen-Yashar (Manu), Senior .NET technology consultant, [http://www.sela.co.il Sela Group]
 
 
[[media:OWASP_IL_The_Universal_XSS_PDF_Vulnerability.pdf|Analysis of the Universal XSS PDF vulnerability - Cause, Solutions and Fun Stuff]] - Ofer Shezaf, CTO, [http://www.breach.com Breach Security], Leader of OWASP IL
 
  
 
==== OWASP Community====
 
==== OWASP Community====

Revision as of 20:14, 18 February 2007

Using the same format as OWASP Newsletters [OWASP_Newsletter_1], 2 and 3, this is the page that will be used for the next Newsletter.

Contents

OWASP Newsletter #5

OWASP projects that need your help

Featured Project: AoC

Featured Project: OWASP Top 10 RC1

Feedback

Featured Item: OWASP Conference Europe, Italy, Milan

Featured Item: {TBD}

Latest additions to the WIKI

New Pages

(Note: I think I am missing a couple new pages since the Wiki Software was upgraded and the list of new pages starts on the 5th of Feb)

Updated pages

New Documents & Presentations from chapters

From the last Israeli chapter meeting:

Latest Blog entries

OWASP Community

Application Security News

"The man responsible for unleashing what is believed to be the first self-propagating cross-site scripting worm has pleaded guilty in Los Angeles Superior Court to charges stemming from his most infamous hacking."
  • Feb 05 - Why You're Organization Must Increase It's Web Application Security Budget - "The Web application security threat is a real one. A failure to respond to this threat will result in real risk to any enterprise that stores financial or customer data. While the problem is a serious one, it is not something that cannot be fixed so long as proper attention and budget are allocated to it. Unfortunately, given the unique nature of the problem and its impact on the budgetary process, it will likely require direct intervention by the financial staff."
  • Feb 05 - X-Force Notes Increase in Vulnerabilities. Where are the "X-Men" to fix them? - "According to the report, which was developed by the IBM Internet Security Systems (ISS) X-Force(R) research and development team, there were 7,247 new vulnerabilities recorded and analyzed by the X-Force in 2006, which equates to an average of 20 new vulnerabilities per day. This total represents a nearly 40 percent increase over what ISS reported in 2005. Over 88 percent of 2006 vulnerabilities could be exploited remotely, and over 50 percent allowed attackers to gain access to a machine after exploitation."
  • Feb 05 - Rubin Smacks Diebold Once Again - "Given what I've seen about voting system standards and voting system testing labs, I would bet money that the parking garage system at Baltimore Penn Station was tested more extensively before it was deployed than the Diebold voting machines that we use in Maryland."

OWASP references in the Media