There are "discussion" pages (also known as "talk" pages) associated with every article at OWASP. You can leave questions, comments, or ideas on these pages for other authors to review. These pages are a good place to propose ideas or discuss possible approaches to problems. You should "sign" your comments by adding four tilde characters (~~~~) after your comment. Thanks!
OWASP in Latin America?
Hi my name is Katia Guzman, and I am interested in knowing experiences in OWASP's use in latin america. If someone knows about some case, I will be grateful for it.
Please check out the Local Chapters in latin america and contact the folks running them. OWASP 22:20, 22 July 2006 (EDT)
Application Security Issue
Hi My name is Deepak Gupta. I am facing cross site scripting threat on my websites. Hackers are able to inject CSS code on my site which have static HTML Pages only. How can I check the root cause this vulnerabilty. How I can see if my server is compromised or not for this kind of attack.
Application Security Students
I am Yogesh - student, I heard about OWASP's & intrested to go into application info security.As it is a vast field of expertize. Tell me how a studend with specialized MBA-IT background can fit in.
The best way to learn application security is by doing it. Check out the OWASP student projects for some ideas. It's a great way to learn. OWASP 22:20, 22 July 2006 (EDT)
What basic knowledge should I have before choosing "Threat Risk modeling" as my career. (Looking for detailed feedback ) Thank you
You need a basic knowledge of application security principles, threats, attacks, vulnerabilities, and countermeasures. Check the OWASP Honeycomb Project for the basic information you need. You should also read about the process of threat modeling. There are a few books on the subject, including "Threat Modeling" and "Secure Development Lifecycle" from the Microsoft Press. Note - it's not yet clear whether "Threat Risk modeling" is actually a career yet. There are clear careers as an "application security architect" and "application security tester" (including cod review).
Java Application Security
What are the specific thing which we need to keep in mind while programming in JAVA to make our code secure to all types of attack (--Rajnishk7 02:46, 24 June 2006 (EDT))
Check out the OWASP Java Project for lots of information on this topic. OWASP 22:20, 22 July 2006 (EDT)
webmaster: security warning
I'm getting a "security warning" when navigating to most pages. Can this be fixed globally?
"This page contains both secure and non-secure items. Do you wish to display the non-secure items?"
This is visible on Chrome by ctrl-shift-I to list the insecure pages.
Fixing the youtube url to HTTPS on the main page would fix one of these warnings.
i want to know which would be the injection if the application is SAP basis and what would be the recent vulnerabilities regarding this application in general?
Reply me at firstname.lastname@example.org