Difference between revisions of "Podcast 2"

From OWASP
Line 1: Line 1:
 
'''[https://www.owasp.org/index.php/Category:OWASP_PodCast OWASP Podcast Series] #2'''
 
'''[https://www.owasp.org/index.php/Category:OWASP_PodCast OWASP Podcast Series] #2'''
  
Recording December 20, 2008
+
<b>Recording December 20, 2008</b>
  
Participants
+
== Participants ==
 
  - Stephen Craig Evans is an independent software security consultant based in southeast Asia.
 
  - Stephen Craig Evans is an independent software security consultant based in southeast Asia.
 
  - Jim Manico is a Web Application Architect and Security Engineer for Aspect Security.  
 
  - Jim Manico is a Web Application Architect and Security Engineer for Aspect Security.  
  
OWASP News
+
== OWASP News ==
 
  - December 16, 2008 - [http://securesoftware.blogspot.com/2008/12/owasp-security-testing-guide-vs-3.html OWASP testing guide version 3 has been officially released]
 
  - December 16, 2008 - [http://securesoftware.blogspot.com/2008/12/owasp-security-testing-guide-vs-3.html OWASP testing guide version 3 has been officially released]
 
  - December 15, 2008 - [http://blog.watchfire.com/wfblog/2008/12/breaking-google-gears-cross-origin-communication-model.html Breaking Google Gears' Cross-Origin Communication Model]  
 
  - December 15, 2008 - [http://blog.watchfire.com/wfblog/2008/12/breaking-google-gears-cross-origin-communication-model.html Breaking Google Gears' Cross-Origin Communication Model]  
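Review bot: The added recording line uses raw HTML, <b>Recording December 20, 2008</b>, while the title line at the top of this hunk is bolded with wiki markup ('''...'''). Use ''' on the recording line as well so the page keeps to one markup style. The new == Participants == and == OWASP News == headings are fine as they are.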
Line 15: Line 15:
 
  - December 8, 2008  - Safe ActiveX?  [http://googleonlinesecurity.blogspot.com/2008/12/native-client-technology-for-running.html Google wants to run native code over the web.] "Our approach is built around a software containment system called the inner-sandbox that is designed to prevent unintended interactions between a native code module and the host system. The inner-sandbox uses static analysis to detect security defects in untrusted x86 code...  for example, the validator can determine whether the executable includes instructions that directly invoke the operating system that could read or write files or subvert the containment system itself.
 
  - December 8, 2008  - Safe ActiveX?  [http://googleonlinesecurity.blogspot.com/2008/12/native-client-technology-for-running.html Google wants to run native code over the web.] "Our approach is built around a software containment system called the inner-sandbox that is designed to prevent unintended interactions between a native code module and the host system. The inner-sandbox uses static analysis to detect security defects in untrusted x86 code...  for example, the validator can determine whether the executable includes instructions that directly invoke the operating system that could read or write files or subvert the containment system itself.
  
Interview with Stephen Craig Evans
+
== Interview with Stephen Craig Evans ==
 
  - OWASP Summer of Code project, "Securing WebGoat using ModSecurity"
 
  - OWASP Summer of Code project, "Securing WebGoat using ModSecurity"
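Review bot: The context item above the new == Interview with Stephen Craig Evans == heading opens a quotation at "Our approach is built around..." and never closes it, so the quoted Google text has no visible end. Since this revision is already tidying the section, add the closing quotation mark after "subvert the containment system itself."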

Revision as of 02:27, 18 December 2008

OWASP Podcast Series #2

Recording December 20, 2008

Participants

- Stephen Craig Evans is an independent software security consultant based in southeast Asia.
- Jim Manico is a Web Application Architect and Security Engineer for Aspect Security. 

OWASP News

- December 16, 2008 - OWASP testing guide version 3 has been officially released
- December 15, 2008 - Breaking Google Gears' Cross-Origin Communication Model 
- December 10, 2008 - Vulnerability in Internet Explorer Could Allow Remote Code Execution
- December 10, 2008 - Michal Zalewski, Googler, dumped core on his browser security knowledge.
- December 8, 2008 - 4 XSS flaws hit Facebook
- December 8, 2008 - Safe ActiveX? Google wants to run native code over the web. "Our approach is built around a software containment system called the inner-sandbox that is designed to prevent unintended interactions between a native code module and the host system. The inner-sandbox uses static analysis to detect security defects in untrusted x86 code... for example, the validator can determine whether the executable includes instructions that directly invoke the operating system that could read or write files or subvert the containment system itself."

Interview with Stephen Craig Evans

- OWASP Summer of Code project, "Securing WebGoat using ModSecurity"