Difference between revisions of "Podcast 2"

From OWASP
m (OWASP News)
m (OWASP News)
Line 10: Line 10:
  
 
== OWASP News ==  
 
== OWASP News ==  
- December 16, 2008 - [http://securesoftware.blogspot.com/2008/12/owasp-security-testing-guide-vs-3.html OWASP testing guide version 3 has been officially released]
+
 
- December 15, 2008 - [http://blog.watchfire.com/wfblog/2008/12/breaking-google-gears-cross-origin-communication-model.html Breaking Google Gears' Cross-Origin Communication Model]  
+
<ul>
- December 10, 2008 - [http://www.microsoft.com/technet/security/advisory/961051.mspx Vulnerability in Internet Explorer Could Allow Remote Code Execution] and how the heck did this vuln [slip through their SDL http://blogs.msdn.com/sdl/archive/2008/12/18/ms08-078-and-the-sdl.aspx]
+
<li>December 16, 2008 - [http://securesoftware.blogspot.com/2008/12/owasp-security-testing-guide-vs-3.html OWASP testing guide version 3 has been officially released]</li>
- December 10, 2008 - Michael Zalewski, Googler, dumped core on his [http://googleonlinesecurity.blogspot.com/2008/12/announcing-browser-security-handbook.html browser security knowledge.]
+
<li>December 15, 2008 - [http://blog.watchfire.com/wfblog/2008/12/breaking-google-gears-cross-origin-communication-model.html Breaking Google Gears' Cross-Origin Communication Model] </li>
- December 8, 2008  - [http://blogs.zdnet.com/security/?p=2308 4 XSS flaws hit Facebook]
+
<li>December 10, 2008 - [http://www.microsoft.com/technet/security/advisory/961051.mspx Vulnerability in Internet Explorer Could Allow Remote Code Execution] and how the heck did this vuln [http://blogs.msdn.com/sdl/archive/2008/12/18/ms08-078-and-the-sdl.aspx slip through Microsoft's SDL?]</li>
- December 8, 2008  - Safe ActiveX?  [http://googleonlinesecurity.blogspot.com/2008/12/native-client-technology-for-running.html Google wants to run native code over the web.]
+
<li>December 10, 2008 - Michael Zalewski, Googler, dumped core on his [http://googleonlinesecurity.blogspot.com/2008/12/announcing-browser-security-handbook.html browser security knowledge.]</li>
 +
<li>December 8, 2008  - [http://blogs.zdnet.com/security/?p=2308 4 XSS flaws hit Facebook]</li>
 +
<li>December 8, 2008  - Safe ActiveX?  [http://googleonlinesecurity.blogspot.com/2008/12/native-client-technology-for-running.html Google wants to run native code over the web.]</li>
 +
</ul>
  
 
== Interview with Stephen Craig Evans ==  
 
== Interview with Stephen Craig Evans ==  
 
  - OWASP Summer of Code project, [http://www.owasp.org/index.php/Category:OWASP_Securing_WebGoat_using_ModSecurity_Project "Securing WebGoat using ModSecurity"]
 
  - OWASP Summer of Code project, [http://www.owasp.org/index.php/Category:OWASP_Securing_WebGoat_using_ModSecurity_Project "Securing WebGoat using ModSecurity"]
 
  - [http://www.owasp.org/index.php/Category:OWASP_Orizon_Project OWASP Orizon Project]
 
  - [http://www.owasp.org/index.php/Category:OWASP_Orizon_Project OWASP Orizon Project]
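Review bot: The added "<ul>" / "<li>" block in the OWASP News section hard-codes HTML list markup, while the Interview section in the same hunk still uses plain "-" lines, so the page now mixes two list conventions. Consider using MediaWiki's own "*" bullet syntax for both sections, which is easier to maintain in wiki text. The two added December 8 items also keep the double space before the hyphen ("December 8, 2008  -"), which could be normalised while these lines are being touched. The reordered external link in the December 10 Internet Explorer item (URL first, then label) is the correct form and needs no change.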

Revision as of 06:13, 21 December 2008

OWASP Podcast Series #2

Recorded December 20, 2008

"For PCI Compliance, it doesn't say that ... that your site has to be secure. It says you need to put in processes, and that, you know, you have to act like you're trying..." - Stephen Craig Evans

Participants

- Stephen Craig Evans is an independent software security consultant based in Southeast Asia.
- Jim Manico is a Web Application Architect and Security Engineer for Aspect Security.

OWASP News

Interview with Stephen Craig Evans

- OWASP Summer of Code project, "Securing WebGoat using ModSecurity"
- OWASP Orizon Project