Difference between revisions of "OWASP Newsletter 9"

Jump to: navigation, search
Line 77: Line 77:
==== OWASP Community====
==== OWASP Community====
New chapters: [[Boulder]], [[‎Calgary]], [[Pune]]. The [[Belgium]] and [[Luxemburg]] chapter are combined into a new BeLux chapter.  
New chapters: [[Boulder]], [[‎Calgary]] and [[Pune]].  
; '''Mar 30 - [[NYC and New Jersey OWASP Chapter Combine]]
* '''The [[Belgium]] and [[Luxemburg]] chapter are combined into a new BeLux chapter.  
;* [https://www.owasp.org/index.php/NYNJMetro/ Over 500 Members combined - NY/NJ Metro]
* '''Mar 30 - NYC and New Jersey OWASP Chapter Combine[https://www.owasp.org/index.php/NYNJMetro/ Over 500 Members combined - NY/NJ Metro]
* '''June 12 (18:00hr) - [[New Jersey|NY/NJ Metro chapter meeting]]'''
* '''June 12 (18:00hr) - [[New Jersey|NY/NJ Metro chapter meeting]]'''
Line 109: Line 109:
== OWASP references in the Media==
== OWASP references in the Media==
* [http://myappsecurity.blogspot.com/2007/04/reflection-on-andrew-van-der-stock.html Reflection on Andrew Van Der Stock ]
* [http://myappsecurity.blogspot.com/2007/04/reflection-on-andrew-van-der-stock.html Reflection on Andrew Van Der Stock ]
* [http://blog.securitymonks.com/?p=32 Security Metrics]]
* [http://blog.securitymonks.com/?p=32 Security Metrics]
* [http://sunbeltblog.blogspot.com/2007/04/security-concerns-in-web-20-world.html Security concerns in the Web 2.0 world ]
* [http://sunbeltblog.blogspot.com/2007/04/security-concerns-in-web-20-world.html Security concerns in the Web 2.0 world ]
* [http://securitybuddha.com/2007/04/25/the-ism-community-revamp/ The ISM Community Revamp]
* [http://securitybuddha.com/2007/04/25/the-ism-community-revamp/ The ISM Community Revamp]

Revision as of 02:05, 1 May 2007

Sent to owasp-all mailing list on ?? May 2007

OWASP Newsletter #9 (1-May-2007)

Welcome to the 9th OWASP Newsletter, tbd ...

If you have any content to add to the next edition, feel free to add it directly to its WIKI page (OWASP Newsletter 10).

Sebastien Deleersnyder

Belgium Chapter Leader

Featured Item: SpoC2007 Selections

To be filled in by Dinis

Featured Item: 6th AppSec Conference

The agenda for the 6th Application Security Conference May 15-17 in Milan has been set, the dinner location determined, and all the details are coming together. Please check out the updated details at: http://www.owasp.org/index.php/6th_OWASP_AppSec_Conference_-_Italy_2007.

Featured (non-OWASP) Project: Security Through Scrutiny: Java Open Review Project

A joint project from the Findbugs group and Fortify Software is examining open source components for security and quality defects. The project, accessible at http://opensource.fortifysoftware.com, allows participants to:

  • submit projects to be scanned with Findbugs and Fortify Source Code Analysis suite
  • help review potential defects through the online code review interface
  • keep track of project defects as they are uncovered and fixed by the open source community
  • receive tips on performing code reviews for security defects

The project is open to all Java open source projects and any person that wants to contribute, either through code reviews, project submissions, or project feedback. Current projects include: Tomcat, Jforums, Azureus, Nuxeo, Spring, Struts, select OWASP projects, and more!

People are encouraged to visit the site: http://opensource.fortifysoftware.com for more details or stop by the Fortify/Findbugs demo booth at JavaOne 2007. Project owners that are interested in being featured can email: openaudit <at> fortifysoftware <dot> com

Latest additions to the WIKI

Updated pages

Updated chapter pages:

Other pages:

New Documents & Presentations from chapters

For a complete list of chapter presentations see the online table of presentations.

Latest Blog entries

OWASP Community

New chapters: Boulder, ‎Calgary and Pune.

Application Security News

Apr 21 - Concurrency and porn
"First it was porn, now it's privacy - a technical stuff-up on reality show Big Brother's website is said to have exposed the personal details of fans who signed up for its special features. Following reports that visitors to a pirate Big Brother site were sent to a hardcore porn page, it now seems the names and phone numbers of people who registered for the official site were able to be viewed by others"
Apr 21 - Does first Vista 0day undermine SDL?
Ken van Wyk discusses the importance of process for producing secure software, and notes that attacks on Vista may undermine the general support for Microsoft's approach. Check out Michael Howard's talk from the last OWASP conference for a great discussion on the success of the SDL.
Apr 19 - Why the software market is full of lemons
Bruce Schneier finally chimes in on an [old OWASP theme] - the problem of assymetric information between software buyers and sellers. He only talks about security products, but the same problem affects all types of software. Check the [Software Facts Label which is an idea for actually doing something to change the game.
Apr 10 - "There is no hope"
Despite all the good stuff at OWASP, Scott Berinato is giving up. "No official announcement is forthcoming, but the Internet is broken and it can't be repaired. Oh, it's still there. You can still use it. Then again, if you went hiking and came across an old, broken-down mine shaft, you could still use that, too."

OWASP references in the Media