Recorded December 20, 2008
"For PCI Compliance, its doesn't say that .. that your site has to be secure. It says you need to put in processes, and that you know, you have to act like your trying..." - Stephen Craig Evans
- Stephen Craig Evans is an independent software security consultant based in southeast Asia. - Jim Manico is a Web Application Architect and Security Engineer for Aspect Security.
- December 16, 2008 - OWASP testing guide version 3 has been officially released
- December 15, 2008 - Breaking Google Gears' Cross-Origin Communication Model
- December 10, 2008 - Vulnerability in Internet Explorer Could Allow Remote Code Execution and how the heck did this vuln slip through Microsoft's SDL?
- December 10, 2008 - Michael Zalewski, Googler, dumped core on his browser security knowledge.
- December 9-11, 2008 - [The first OWASP ESAPI Summit was held http://www.owasp.org/index.php/ESAPI_Summit ]
- December 8, 2008 - 4 XSS flaws hit Facebook
- December 8, 2008 - Safe ActiveX? Google wants to run native code over the web.
Interview with Stephen Craig Evans
- OWASP Summer of Code project, "Securing WebGoat using ModSecurity" - OWASP Orizon Project