There are "discussion" pages (also known as "talk" pages) associated with every article at OWASP. You can leave questions, comments, or ideas on these pages for other authors to review. These pages are a good place to propose ideas or discuss possible approaches to problems. You should "sign" your comments by adding four tilde characters (~~~~) after your comment. Thanks!
Hi My name is Deepak Gupta. I am facing cross site scripting threat on my websites. Hackers are able to inject CSS code on my site which have static HTML Pages only. How can I check the root cause this vulnerabilty. How I can see if my server is compromised or not for this kind of attack.
OWASP in Latin America?
Hi my name is Katia Guzman, and I am interested in knowing experiences in OWASP's use in latin america. If someone knows about some case, I will be grateful for it.
Please check out the Local Chapters in latin america and contact the folks running them. OWASP 22:20, 22 July 2006 (EDT)
Application Security Students
I am Yogesh - student, I heard about OWASP's & intrested to go into application info security.As it is a vast field of expertize. Tell me how a studend with specialized MBA-IT background can fit in.
The best way to learn application security is by doing it. Check out the OWASP student projects for some ideas. It's a great way to learn. OWASP 22:20, 22 July 2006 (EDT)
What basic knowledge should I have before choosing "Threat Risk modeling" as my career. (Looking for detailed feedback ) Thank you
You need a basic knowledge of application security principles, threats, attacks, vulnerabilities, and countermeasures. Check the OWASP Honeycomb Project for the basic information you need. You should also read about the process of threat modeling. There are a few books on the subject, including "Threat Modeling" and "Secure Development Lifecycle" from the Microsoft Press. Note - it's not yet clear whether "Threat Risk modeling" is actually a career yet. There are clear careers as an "application security architect" and "application security tester" (including cod review).
Java Application Security
What are the specific thing which we need to keep in mind while programming in JAVA to make our code secure to all types of attack (--Rajnishk7 02:46, 24 June 2006 (EDT))
Check out the OWASP Java Project for lots of information on this topic. OWASP 22:20, 22 July 2006 (EDT)
webmaster: security warning
I'm getting a "security warning" when navigating to most pages. Can this be fixed globally?
"This page contains both secure and non-secure items. Do you wish to display the non-secure items?"