Difference between revisions of "OWASP Newsletter 8"

From OWASP
m (Reverted edits by VibocVarpa (Talk) to last version by KirstenS)
 
(10 intermediate revisions by 5 users not shown)
Line 1: Line 1:
''Sent to owasp-all mailing list on ?? Mar 2007''  
+
''Sent to owasp-all mailing list on 17 April 2007'' __NOEDITSECTION__
==  OWASP Newsletter #7 (?-Mar-2007) ==
+
==  OWASP Newsletter #8 (17-Apr-2007) ==
Welcome to the 8th OWASP Newsletter, featuring the [[OWASP Spring Of Code 2007]], details on the [[6th_OWASP_AppSec_Conference_-_Italy_2007|6th AppSec Conference]] and the [[:Category:OWASP Code Review Project]] seeking for volunteers.
+
A bit later than normal, welcome to the 8th OWASP Newsletter, featuring the [[OWASP Spring Of Code 2007]], details on the [[6th_OWASP_AppSec_Conference_-_Italy_2007|6th AppSec Conference]], the [[:Category:OWASP Code Review Project|Code Review Project]], the [[:Category:OWASP WeBekci Project|WeBekci Project]] and the [[:Category:OWASP Code Review Project|OWASP Code Review Project]] is seeking for volunteers.
  
We now also scan blogs for OWASP references: spread the story!
+
Note that we also scan blogs for OWASP references.
  
 
If you have any content to add to the next edition, feel free to add it directly to its WIKI page ([[OWASP Newsletter 9]]).
 
If you have any content to add to the next edition, feel free to add it directly to its WIKI page ([[OWASP Newsletter 9]]).
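Review bot: the rewritten introduction names the Code Review Project twice, once in the feature list ("the [[:Category:OWASP Code Review Project|Code Review Project]]") and again at the end ("the ... OWASP Code Review Project is seeking for volunteers"), and the second mention is attached to the list so the sentence no longer parses. Suggest ending the list after the WeBekci Project and moving the call for volunteers into its own sentence, for example "The OWASP Code Review Project is also seeking volunteers."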
Line 11: Line 11:
 
Belgium Chapter Leader
 
Belgium Chapter Leader
  
== Featured Item: [[OWASP Spring Of Code 2007]] Reminder ==
+
== Featured Item: [[OWASP Spring Of Code 2007]] ==
  
Following the success of last year's Autumn of Code (AoC 06) we are are now launching the OWASP Spring of Code 2007 (SpoC 007) with more budget, more energy and more expectations :)
+
We have received lots of [[OWASP Spring Of Code 2007 Applications]]! The submission period is now closed. The OWASP board is now evaluating the proposals and will publish the results as soon as possible.
Please submit your [[OWASP Spring Of Code 2007 Applications]] online!
+
  
 
== Featured Item: Milan (Italy) Conference Agenda details! ==
 
== Featured Item: Milan (Italy) Conference Agenda details! ==
Line 20: Line 19:
 
Join us for our [[6th_OWASP_AppSec_Conference_-_Italy_2007|6th AppSec Conference]] May 15-17 in Milan, Italy. Microsoft will be presenting "The Benefits of the SDL initiative to Microsoft and its Customers" and there will be expert talks on Web Services Security, Securing AJAX, the Microsoft Secure Development Lifecycle, all the new OWASP projects, and much more.  
 
Join us for our [[6th_OWASP_AppSec_Conference_-_Italy_2007|6th AppSec Conference]] May 15-17 in Milan, Italy. Microsoft will be presenting "The Benefits of the SDL initiative to Microsoft and its Customers" and there will be expert talks on Web Services Security, Securing AJAX, the Microsoft Secure Development Lifecycle, all the new OWASP projects, and much more.  
  
== Featured Project: [[:Category:OWASP Code Review Project]] ==
+
== Featured Project: [[:Category:OWASP Code Review Project|OWASP Code Review Project]] ==
 
The OWASP Code Review project was concieved by Eoin Keary the OWASP Ireland Founder and Chapter Lead. We are actively seeking techies to add new sections as new web technologies emerge. Need help on this one, don't be shy, all help appreciated.
 
The OWASP Code Review project was concieved by Eoin Keary the OWASP Ireland Founder and Chapter Lead. We are actively seeking techies to add new sections as new web technologies emerge. Need help on this one, don't be shy, all help appreciated.
  
 
View the [[OWASP Code Review Project Roadmap]].
 
View the [[OWASP Code Review Project Roadmap]].
 +
 +
== Featured Project: [[:Category:OWASP WeBekci Project|OWASP WeBekci Project]] ==
 +
WeBekci is a web based ModSecurity 2.x management tool. WeBekci is written in PHP, Its backend is powered by MySQL and the frontend by XAJAX framework. It will remove management overhead of ModSecurity 2.x. You can configure modsecurity.conf, add special rules and watch system, apache and modsecurity logs (only guardianlog has been implemented in this version).
 +
 +
== Web Application Security Metrics Survey Participants Needed ==
 +
Since meaningful web application security metrics are very lacking, the [[:Category:OWASP_Application_Security_Metrics_Project|Web Application Security Metrics]] seeks to identify and provide the web application security community with a basic set of application security metrics that have been found by contributors to be effective in measuring web application security effectiveness. 
 +
 +
Since this Project was launched, it has proven to be challenging to get survey participants (e.g., customers too busy or have no metrics).  As a result, Bob Austin (the project leader) is turning directly to you:the OWASP community. He would be very grateful to OWASP members who are willing to take 30 minutes to complete a survey with him by phone (and/or to support collection of metric data from an organization you support).  The key data he seeks is as follows:
 +
* Description of Metric,
 +
* why the metric was created,
 +
* how the metric is created,
 +
* source of the data used to produce the metric,
 +
* and how is the metric used.
 +
 +
Bob can be contacted at  austinb <at> korelogic <dot> com or +1.804.379.4656
  
 
== Latest additions to the WIKI ==
 
== Latest additions to the WIKI ==
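Review bot: in the added WeBekci paragraph, "written in PHP, Its backend" capitalises "Its" after a comma; split the sentence there or lowercase the word. In the added metrics section, "the ... Web Application Security Metrics]] seeks" is missing the word "Project", "you:the OWASP community" needs a space after the colon, and the last bullet "and how is the metric used" should read "and how the metric is used" to match the other bullets. The "concieved" typo in the unchanged Code Review paragraph could be corrected in the same edit.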
Line 31: Line 45:
 
* [[‎6th OWASP AppSec Conference - Italy 2007/Agenda]]
 
* [[‎6th OWASP AppSec Conference - Italy 2007/Agenda]]
 
* [[‎Comprehensive list of Threats to Authentication Procedures and Data]]
 
* [[‎Comprehensive list of Threats to Authentication Procedures and Data]]
 +
* [[‎WebScarab SSL Certificates]]
  
 
==== Updated pages====  
 
==== Updated pages====  
Line 46: Line 61:
 
* [[London]]
 
* [[London]]
 
* [[Virginia (Northern Virginia)]]
 
* [[Virginia (Northern Virginia)]]
 +
* [[San Francisco]]
 +
* [[SoCal]]
  
 
Other pages:
 
Other pages:
 
* [[OWASP Spring Of Code 2007 Applications]]
 
* [[OWASP Spring Of Code 2007 Applications]]
 
* [[Testing for Directory Traversal]]
 
* [[Testing for Directory Traversal]]
* [[Testing for Session Management Schema]]
+
* [[Testing for Session Management Schema (OWASP-SM-001)|Testing for Session Management Schema]]
 
* [[OWASP Education Presentation‎]]
 
* [[OWASP Education Presentation‎]]
 
* [[Phishing]]
 
* [[Phishing]]
Line 68: Line 85:
 
* [[PDF Attack Filter for Apache mod rewrite]]
 
* [[PDF Attack Filter for Apache mod rewrite]]
 
* [[Member Offers]]
 
* [[Member Offers]]
 +
* [[Data Validation]]
 +
* [[OWASP Application Security FAQ]]
 +
* [[Phoenix/Tools]]
 +
* [[OWASP Tiger]]
  
 
==== New Documents & Presentations from chapters ====  
 
==== New Documents & Presentations from chapters ====  
Line 102: Line 123:
 
* [http://shiflett.org/blog/2007/mar/owasp-spring-of-code-2007 OWASP Spring of Code 2007]
 
* [http://shiflett.org/blog/2007/mar/owasp-spring-of-code-2007 OWASP Spring of Code 2007]
 
* [http://www.darknet.org.uk/2007/03/jbrofuzz-05-from-owasp-stateless-network-protocol-fuzzer/ JBroFuzz 0.5 from OWASP - Stateless Network Protocol Fuzzer]
 
* [http://www.darknet.org.uk/2007/03/jbrofuzz-05-from-owasp-stateless-network-protocol-fuzzer/ JBroFuzz 0.5 from OWASP - Stateless Network Protocol Fuzzer]
 +
* [http://www.disenchant.ch/blog/owasp-appsec-conference-italy-2007/60 OWASP AppSec Conference - Italy 2007]
 +
* [http://www.javascriptsearch.com/news/press/070413WhiteHat.html WhiteHat Security Chief Technology Officer Jeremiah Grossman To Present at OWASP New York/New Jersey Meeting]
 +
* [http://www.darkreading.com/document.asp?doc_id=120550&WT.svl=news1_1 Security's New School]

Latest revision as of 14:39, 26 May 2009

Sent to owasp-all mailing list on 17 April 2007


OWASP Newsletter #8 (17-Apr-2007)

A bit later than normal, welcome to the 8th OWASP Newsletter, featuring the OWASP Spring Of Code 2007, details on the 6th AppSec Conference, the Code Review Project and the WeBekci Project. The OWASP Code Review Project is also seeking volunteers.

Note that we also scan blogs for OWASP references.

If you have any content to add to the next edition, feel free to add it directly to its WIKI page (OWASP Newsletter 9).

Sebastien Deleersnyder

Belgium Chapter Leader

Featured Item: OWASP Spring Of Code 2007

We have received lots of OWASP Spring Of Code 2007 Applications! The submission period is now closed. The OWASP board is now evaluating the proposals and will publish the results as soon as possible.

Featured Item: Milan (Italy) Conference Agenda details!

Join us for our 6th AppSec Conference May 15-17 in Milan, Italy. Microsoft will be presenting "The Benefits of the SDL initiative to Microsoft and its Customers" and there will be expert talks on Web Services Security, Securing AJAX, the Microsoft Secure Development Lifecycle, all the new OWASP projects, and much more.

Featured Project: OWASP Code Review Project

The OWASP Code Review project was conceived by Eoin Keary, the OWASP Ireland Founder and Chapter Lead. We are actively seeking techies to add new sections as new web technologies emerge. We need help on this one, so don't be shy; all help is appreciated.

View the OWASP Code Review Project Roadmap.

Featured Project: OWASP WeBekci Project

WeBekci is a web-based ModSecurity 2.x management tool. It is written in PHP; its backend is powered by MySQL and its frontend by the XAJAX framework. It will remove the management overhead of ModSecurity 2.x. You can configure modsecurity.conf, add special rules, and watch system, Apache and ModSecurity logs (only guardianlog has been implemented in this version).

Web Application Security Metrics Survey Participants Needed

Since meaningful web application security metrics are largely lacking, the Web Application Security Metrics project seeks to identify and provide the web application security community with a basic set of application security metrics that contributors have found effective in measuring web application security.

Since this project was launched, it has proven challenging to get survey participants (e.g., customers are too busy or have no metrics). As a result, Bob Austin (the project leader) is turning directly to you: the OWASP community. He would be very grateful to OWASP members who are willing to take 30 minutes to complete a survey with him by phone (and/or to support collection of metric data from an organization you support). The key data he seeks is as follows:

  • description of the metric,
  • why the metric was created,
  • how the metric is created,
  • source of the data used to produce the metric,
  • and how the metric is used.

Bob can be contacted at austinb <at> korelogic <dot> com or +1.804.379.4656

Latest additions to the WIKI

New Pages

Updated pages

Updated chapter pages:

Other pages:

New Documents & Presentations from chapters

For a complete list of chapter presentations see the online table of presentations.

Latest Blog entries

OWASP Community

OWASP references in the Media / Blogs