
Latest revision as of 18:10, 17 June 2009

OWASP Podcast Series #26

OWASP NEWS April 2009 (part 2)
Recorded May 28th, 2009
Published June 17th, 2009

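iTunes: http://itunes.apple.com/WebObjects/MZStore.woa/wa/viewPodcast?id=300769012 | Feed: http://www.owasp.org/download/jmanico/podcast.xml | mp3: http://www.owasp.org/download/jmanico/owasp_podcast_26.mp3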


Host: Jim Manico
Copy Editor: Andre Gironda
Participants: Tom Brennan, Jeff Williams, Alex Smolen, Andre Gironda


4/16 http://www.informit.com/articles/article.aspx?p=1338343
http://www.cigital.com/justiceleague/2009/04/16/software-security-2008/
Gary McGraw uses statistics to show that Software Security has come of age
4/17 http://research.zscaler.com/2009/04/we-used-to-laugh-at-xss.html
Michael Sutton discusses history of XSS from Defcon 10 (2002) to the present day (Twitter worm)
4/17 http://jeremiahgrossman.blogspot.com/2009/04/software-security-grew-to-nearly-500m.html
Jeremiah uses McDonald's and Morton's as comparisons for black-box vs. white-box security testing
4/17 http://jeremiahgrossman.blogspot.com/2009/04/website-threats-and-their-capabilities.html
OWASP Catalyst announced
4/20 http://paco.to/?p=305
Paco lists 5 reasons for software certifications
4/20 http://www.greensheet.com/newswire.php?newswire_id=11693
Qualys, Inc., the leading provider of on demand IT security risk and compliance management solutions, today announced QualysGuard(R) PCI Connect, which is the industry's first Software-as-a-Service (SaaS) ecosystem for PCI compliance, connecting merchants to multiple partners and security solutions in order to document and meet all 12 requirements for PCI DSS
4/20 http://labs.securitycompass.com/index.php/2009/04/20/security-analysis-of-core-j2ee-design-patterns/
Rohit Sethi of Security Compass posts on the new Security Compass Labs blog about "Security Analysis of Core Java Enterprise Patterns"
4/21 http://docs.google.com/Doc?id=dd7x5smw_16hdd34ggz
Mario Heiderich posts some results of browser fuzzing on extraneous characters in tags
4/22 http://plynt.com/blog/2009/04/how-frequently-should-an-appli/
The Plynt blog asks the question, "How frequently should Applications be Tested?"
4/24 http://www.troopers09.org/content/e3/e445/index_eng.html
Wendel Guglielmetti Henrique from Trustwave and Sandro Gauci of EnableSecurity spoke at TROOPERS09 in Munich about "The Truth of Web Application Firewalls: what the vendors do NOT want you to know"
4/27 http://tacticalwebappsec.blogspot.com/2009/04/scanner-and-waf-data-sharing.html
Ryan Barnett gives guidance on how best to make VA+WAF work together
4/27 http://www.owasp.org/index.php/Category:OWASP_PCI_Project
Ed Bellis and Trey Ford start a PCI effort to ensure their activities uniformly meet PCI requirements, and for those getting started - to aid in building a website security strategy that also ensures sustainable PCI compliance.