Difference between revisions of "Podcast 8"

Revision as of 14:45, 8 February 2009

OWASP Podcast Series #8

OWASP NEWS
Recording TBD


OWASP AppSec News

http://www.suspekt.org/2009/02/06/some-facts-about-the-phplist-vulnerability-and-the-phpbbcom-hack/
http://hackedphpbb.blogspot.com/2009/01/place-holder.html
http://www.owasp.org/index.php/Category:OWASP_Scrubbr
http://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Project
http://michael-coates.blogspot.com/2009/02/xss-prevention.html
While many of you may be familiar with the ha.ckers.org RSnake XSS Cheat Sheet, Michael Coates talks about the advantages of the OWASP XSS Prevention Cheat Sheet. He says it's cool because it addresses: Injecting Up vs Injecting Down, Attribute Escaping, JavaScript Escaping, CSS Escaping, and URL Escaping.
http://blogs.msdn.com/sdl/archive/2009/01/27/sdl-and-the-cwe-sans-top-25.aspx
Bryan Sullivan and Michael Howard put together some information about the Top 25 Most Dangerous Programming Errors on the SDL blog, including a mapping of the Microsoft SDL to each Common Weakness, or CWE, and how to best address each weakness through education, threat modeling, a specific Microsoft tool, and/or manual review.
http://denimgroup.typepad.com/denim_group/2009/01/owasp-san-antonio-slide-deck-online.html
Dan Cornell of the Denim Group recently spoke at the San Antonio OWASP chapter on "Vulnerability Management in an Application Security World". In this presentation, Dan's agenda focuses on what to do after you've found vulnerabilities in an application, as well as the differing perspectives of a classic IT security group versus the one-track, bug-track mind of developers.
http://keepitlocked.net/archive/2009/01/27/socalcodecamp-presentation-quot-top-ten-tips-for-tenacious-defense-for-asp-net-application-quot.aspx
Another presentation came across the blog world from Alex Smolen @ Foundstone. He spoke at SoCal Code Camp on the "Top Ten Tips for Tenacious Defense in ASP.NET". I know that a lot of people ask, "What are the specific protections that OWASP recommends, and which are out of beta or stable enough to use?" Alex seems to have a prescription.
http://www.cgisecurity.com/2009/01/web-application-scanners-comparison.html
http://shreeraj.blogspot.com/2009/01/infosecworld-08-presenting-research.html
http://www.cigital.com/justiceleague/2009/01/22/let-the-posturing-begin/
http://nickcoblentz.blogspot.com/2009/01/owasps-xss-prevention-cheat-sheet.html
http://jobsearchtech.about.com/od/educationfortechcareers/g/CSSLP.htm
http://ounceopen.squarespace.com
http://research.zscaler.com