Difference between revisions of "Podcast 2"

From OWASP
(14 intermediate revisions by 2 users not shown)
 
 '''[[OWASP_Podcast | OWASP Podcast Series]] #2'''
+<br/>Interview with Stephen Craig Evans<br/>
-<b>Recorded December 20, 2008</b>
+<b>Recorded December 20, 2008</b><br/>
-- [http://www.owasp.org/download/jmanico/owasp_podcast_2.mp3 Listen Now owasp_podcast_2.mp3]
-[http://itunes.apple.com/WebObjects/MZStore.woa/wa/viewPodcast?id=300769012 http://images.apple.com/itunes/overview/images/overview-icon-itunes20081106.jpg] [http://www.owasp.org/download/jmanico/podcast.xml https://www.owasp.org/images/d/d3/Feed-icon-32x32.png]
+[http://itunes.apple.com/WebObjects/MZStore.woa/wa/viewPodcast?id=300769012 http://images.apple.com/itunes/overview/images/overview-icon-itunes20081106.jpg] [http://www.owasp.org/download/jmanico/podcast.xml https://www.owasp.org/images/d/d3/Feed-icon-32x32.png] [http://www.owasp.org/download/jmanico/owasp_podcast_2.mp3 direct download]
-"For PCI Compliance,  its doesn't say that .. that your site has to be secure. It says you need to put in processes, and that you know, you have to act like you're trying..." - Stephen Craig Evans
+"For PCI Compliance,  its doesn't say that .. that your site<br/>
+has to be secure. It says you need to put in processes, and that<br/>
+you know, you have to act like you're trying..." - Stephen Craig Evans

 
 == Participants ==
 
   - Stephen Craig Evans is an independent software security consultant based in southeast Asia.
 
   - Jim Manico is a Web Application Architect and Security Engineer for Aspect Security.
 
-== OWASP News ==
-
-'''December 16, 2008''' - [http://securesoftware.blogspot.com/2008/12/owasp-security-testing-guide-vs-3.html OWASP testing guide version 3 has been officially released]
-
-* The new testing guide is finally here!  Give it to your developers, testers, and anyone else responsible for ensuring the security of an application is built to spec through formal testing and observation.  Also great for the consultant, to brush up on testing techniques for a variety of technologies.  This Summer of Code 2008 Project was lead by [http://www.owasp.org/index.php/User:Mmeucci Matteo Meucci] and the following [[OWASP_Testing_Guide_Contributors|contributors]].
-
-'''December 15, 2008''' - [http://blog.watchfire.com/wfblog/2008/12/breaking-google-gears-cross-origin-communication-model.html Breaking Google Gears' Cross-Origin Communication Model]
-
-* <short description goes here>
-
-'''December 10, 2008''' - [http://www.microsoft.com/technet/security/advisory/961051.mspx Vulnerability in Internet Explorer Could Allow Remote Code Execution] and how the heck did this vuln [http://blogs.msdn.com/sdl/archive/2008/12/18/ms08-078-and-the-sdl.aspx slip through Microsoft's SDL?]
-
-* <short description goes here>
-
-'''December 10, 2008''' - Michael Zalewski, Googler, dumped core on his [http://googleonlinesecurity.blogspot.com/2008/12/announcing-browser-security-handbook.html browser security knowledge.]
-
-* <short description goes here>
-
-'''December 9-11, 2008''' - [http://www.owasp.org/index.php/ESAPI_Summit The first OWASP ESAPI Summit]
-
-* <short description goes here>
-
-'''December 8, 2008'''  - [http://blogs.zdnet.com/security/?p=2308 4 XSS flaws hit Facebook]
-
-* <short description goes here>
-
-'''December 8, 2008'''  - Safe ActiveX?  [http://googleonlinesecurity.blogspot.com/2008/12/native-client-technology-for-running.html Google wants to run native code over the web.]
-
-* <short description goes here>
 
 == Interview with Stephen Craig Evans ==
 
-  - OWASP Summer of Code project, [[OWASP_Securing_WebGoat_using_ModSecurity_Project|Securing WebGoat using ModSecurity]]
+  - OWASP Summer of Code project wiki, [[OWASP_Securing_WebGoat_using_ModSecurity_Project|Securing WebGoat using ModSecurity]]
 
   - OWASP Orizon Project
 
   - Advice for those who want to contribute to a OWASP project
 
   - Status of Web App Sec in the Asia/Pacific region
 
+== Podcast References ==
+
+- Securing WebGoat using ModSecurity [https://www.owasp.org/index.php/Category:OWASP_Securing_WebGoat_using_ModSecurity_Project project main page]
+
+- Discussion of the project in [https://www.owasp.org/index.php/Podcast_1 OWASP Podcast #1] starting at the 58 minute mark
+
+- [http://video.google.com/videoplay?docid=-5884267248089217481 Application Intrusion Prevention Systems - Fabrice Marie] ([http://www.packetstormsecurity.org/hitb06/DAY_1_-_Fabrice_Marie_-_AIPS.pdf Slides], [http://video.hitb.org/2006.html HITB 2006 home page])
+
+- [http://remo.netnea.com/ Remo - Rule Editor for ModSecurity]
+
+- [https://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference OWASP NYC AppSec 2008 Conference home page]
+
+- [http://video.google.com/videoplay?docid=5269154656993046978 Building a tool for Security consultants: A story of a customized source code scanner - Dinis Cruz]
+
+- [http://ounceopen.squarespace.com/ Ounce O2 web site]
+
+- [http://video.google.com/videoplay?docid=-9104434795648450379 The OWASP Orizon Project: towards version 1.0 - Paolo Perego] ([http://www.owasp.org/index.php/Image:The_Owasp_Orizon_Project_Towards_version_1.0_v1.0.ppt#file Slides])
+
+- [https://www.owasp.org/index.php/Category:OWASP_Orizon_Project OWASP Orizon project]
+
+- Please post project questions/comments on the mailing list (subscribe [https://lists.owasp.org/mailman/listinfo/owasp-webgoat-using-modsecurity here])

Latest revision as of 21:34, 30 January 2009

OWASP Podcast Series #2
Interview with Stephen Craig Evans
Recorded December 20, 2008

iTunes | podcast feed | direct download

"For PCI Compliance, it doesn't say that .. that your site
has to be secure. It says you need to put in processes, and that
you know, you have to act like you're trying..." - Stephen Craig Evans

Participants

- Stephen Craig Evans is an independent software security consultant based in southeast Asia.
- Jim Manico is a Web Application Architect and Security Engineer for Aspect Security. 

Interview with Stephen Craig Evans

- OWASP Summer of Code project wiki, Securing WebGoat using ModSecurity
- OWASP Orizon Project
- Advice for those who want to contribute to an OWASP project
- Status of Web App Sec in the Asia/Pacific region

Podcast References

- Securing WebGoat using ModSecurity project main page
- Discussion of the project in OWASP Podcast #1 starting at the 58-minute mark
- Application Intrusion Prevention Systems - Fabrice Marie (Slides, HITB 2006 home page)
- Remo - Rule Editor for ModSecurity
- OWASP NYC AppSec 2008 Conference home page
- Building a tool for Security consultants: A story of a customized source code scanner - Dinis Cruz
- Ounce O2 web site
- The OWASP Orizon Project: towards version 1.0 - Paolo Perego (Slides)
- OWASP Orizon project
- Please post project questions/comments on the mailing list (subscribe here)