Difference between revisions of "Podcast 29"

From OWASP
Line 1: Line 1:
 
'''[[OWASP_Podcast|OWASP Podcast Series]] #29'''
 
'''[[OWASP_Podcast|OWASP Podcast Series]] #29'''
  
OWASP Interview with Ross Anderson<br/>
+
OWASP NEWS May 2009 (part 1)<br/>
Recorded May 13, 2009 at OWASP EU Poland<br/>
+
Recorded June 11th, 2009<br/>
  
 
  [http://itunes.apple.com/WebObjects/MZStore.woa/wa/viewPodcast?id=300769012 http://images.apple.com/itunes/overview/images/overview-icon-itunes20081106.jpg] [http://www.owasp.org/download/jmanico/podcast.xml https://www.owasp.org/images/d/d3/Feed-icon-32x32.png] <!-- [http://www.owasp.org/download/jmanico/owasp_podcast_29.mp3 mp3] -->
 
  [http://itunes.apple.com/WebObjects/MZStore.woa/wa/viewPodcast?id=300769012 http://images.apple.com/itunes/overview/images/overview-icon-itunes20081106.jpg] [http://www.owasp.org/download/jmanico/podcast.xml https://www.owasp.org/images/d/d3/Feed-icon-32x32.png] <!-- [http://www.owasp.org/download/jmanico/owasp_podcast_29.mp3 mp3] -->
  
 
==Participants==
 
==Participants==
<ul>
+
 
<li><p>Ross John Anderson, FRS, (born 1956) is a researcher, writer, and industry consultant in security engineering. He is Professor in Security Engineering at the University of Cambridge Computer Laboratory, where he is engaged in the Security Group. He is the well known author of "Security Engineering" now in its [http://www.cl.cam.ac.uk/~rja14/book.html second edition].<br />
+
Host: Jim Manico<br/>
<br />
+
Copy Editors: Andre Gironda and Boaz Gelbord<br/>
For more information, see [http://en.wikipedia.org/wiki/Ross_J._Anderson_(professor)] or his web page at [http://www.ross-anderson.com www.ross-anderson.com]
+
Participants: Jeff Williams, Boaz Gelbord, Arshan Dabirsiaghi, Andrew van der Stock<br/>
</p>
+
 
 +
==Articles==
 +
;5/1 Mythbusting – Secure Code is Less Expensive to Develop http://jeremiahgrossman.blogspot.com/2009/05/mythbusting-secure-code-is-less.html
 +
;5/1 Getting started with the PHP-IDS Intrusion Detection System http://www.h-online.com/security/Getting-started-with-the-PHPIDS-intrusion-detection-system--/features/113163
 +
;5/5 http://nickcoblentz.blogspot.com/2009/05/light-weight-code-review-as-you-program.html
 +
;5/4 Using Denial of Service for Hacking http://ha.ckers.org/blog/20090504/using-denial-of-service-for-hacking/
 +
;5/4 OWASP ISWG: Struts 2/WebWork Gap Analysis http://nickcoblentz.blogspot.com/2009/05/owasp-iswg-struts-2webwork-gap-analysis.html http://nickcoblentz.blogspot.com/2009/05/struts-2-security-addons-code.html
 +
;5/4 Best Practice: Consider External Data Feeds Untrusted http://www.veracode.com/blog/2009/05/best-practice-consider-external-data-feeds-untrusted/
 +
;5/4 Protection against Forceful Browsing http://coding-insecurity.blogspot.com/2009/05/protection-against-forceful-browsing.html
 +
;5/5 Moth - A new release from the w3af project http://www.mail-archive.com/w3af-develop@lists.sourceforge.net/msg00369.html http://security-sh3ll.blogspot.com/2009/05/moth.html
 +
;5/6 Enter Formjacking http://i8jesus.com/?p=48
 +
;5/8 8 Reasons Why Website Vulnerabilities Are Not Fixed http://jeremiahgrossman.blogspot.com/2009/05/8-reasons-why-website-vulnerabilities.html
 +
;5/8 SQL Injection Lessons from X-Force Emergency Response Service Investigations http://blogs.iss.net/archive/sql-injection-ers.html
 +
;5/12 Delay of FTC Red Flag Rule http://www.bankinfosecurity.com/articles.php?art_id=1457
 +
;5/13 Effective Account Lockout http://coding-insecurity.blogspot.com/2009/05/effective-account-lockout.html
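Review bot: In the added Articles list, the entries `;5/4 OWASP ISWG: Struts 2/WebWork Gap Analysis` and `;5/4 Best Practice: Consider External Data Feeds Untrusted` contain a colon, which MediaWiki treats on a `;` line as the separator between term and definition, so each entry will render split in two at the colon; escape the colon or switch the list to `*` bullets. The `;5/5` entry also carries only a URL with no title, unlike every other entry, and it sits between the 5/1 and 5/4 entries, out of date order.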

Revision as of 00:35, 19 June 2009

OWASP Podcast Series #29

OWASP NEWS May 2009 (part 1)
Recorded June 11th, 2009


Participants

Host: Jim Manico
Copy Editors: Andre Gironda and Boaz Gelbord
Participants: Jeff Williams, Boaz Gelbord, Arshan Dabirsiaghi, Andrew van der Stock

Articles

5/1 Mythbusting – Secure Code is Less Expensive to Develop http://jeremiahgrossman.blogspot.com/2009/05/mythbusting-secure-code-is-less.html
5/1 Getting started with the PHP-IDS Intrusion Detection System http://www.h-online.com/security/Getting-started-with-the-PHPIDS-intrusion-detection-system--/features/113163
5/5 http://nickcoblentz.blogspot.com/2009/05/light-weight-code-review-as-you-program.html
5/4 Using Denial of Service for Hacking http://ha.ckers.org/blog/20090504/using-denial-of-service-for-hacking/
5/4 OWASP ISWG: Struts 2/WebWork Gap Analysis http://nickcoblentz.blogspot.com/2009/05/owasp-iswg-struts-2webwork-gap-analysis.html http://nickcoblentz.blogspot.com/2009/05/struts-2-security-addons-code.html
5/4 Best Practice: Consider External Data Feeds Untrusted http://www.veracode.com/blog/2009/05/best-practice-consider-external-data-feeds-untrusted/
5/4 Protection against Forceful Browsing http://coding-insecurity.blogspot.com/2009/05/protection-against-forceful-browsing.html
5/5 Moth - A new release from the w3af project http://www.mail-archive.com/w3af-develop@lists.sourceforge.net/msg00369.html http://security-sh3ll.blogspot.com/2009/05/moth.html
5/6 Enter Formjacking http://i8jesus.com/?p=48
5/8 8 Reasons Why Website Vulnerabilities Are Not Fixed http://jeremiahgrossman.blogspot.com/2009/05/8-reasons-why-website-vulnerabilities.html
5/8 SQL Injection Lessons from X-Force Emergency Response Service Investigations http://blogs.iss.net/archive/sql-injection-ers.html
5/12 Delay of FTC Red Flag Rule http://www.bankinfosecurity.com/articles.php?art_id=1457
5/13 Effective Account Lockout http://coding-insecurity.blogspot.com/2009/05/effective-account-lockout.html