
List:       owasp-dotnet
Subject:    [Owasp-dotnet] My Media Outreach for OWASP .NET
From:       "Mark Roxberry" <mark.roxberry () owasp ! org>
Date:       2008-05-30 18:29:18
Message-ID: 31a291680805301129x227e474fna0f29c67cd2c2d2d () mail ! gmail ! com


Hey folks,

I've been reaching out to various publications about OWASP .NET and our
projects.  So far I'm looking to work with ISSA Journal, MSDN Magazine, Code
magazine - a couple of others.  I have had a couple of responses interested
in the kinds of topics that we could write about (I have responses now from
ISSA and MSDN for suggested articles).  Here's a list that I suggested now:


   1. OWASP as a resource for Software Developers.  Talk about the Top 10,
   Testing and Code Review guides, technology projects.  We have a couple of
   tools that are pretty useful: Site Generator for creating vulnerable test
   sites for education, Report Generator for penetration testing documentation,
   AntiSamy - server-side XSS scrubbing with a very flexible, policy-based
   introspection engine, ESAPI (Enterprise Security API) - a complete security
   API for authentication, authorization, validation, encryption.

   2. A couple of areas that I'm focusing on in the Microsoft area for OWASP
   .NET include operational guidance and incident response specific to MS
   technology.  My clients tend to be small to mid-sized businesses that are
   not security savvy.  The resources for operations and incident response are
   scattered and hard to get a handle on.  I could write an article related to
   small to mid-size business digital forensics and what should be done prior
   to an incident to be able to respond and conduct an investigation following
   an attack.

   3. Open Source Security for Web Software - Best practices for assurance
   and vulnerability research for using popular web software (e.g. WordPress,
   Community Server, SharePoint).  We've started projects to research public,
   community web software packages.  When the research is good to go, I can
   provide articles for our research methodology, best practices for using the
   platforms and vulnerability information (discovery and remediation).

   4. Security Driven Development - Integrating continuous vulnerability
   testing into software development.  I'm currently researching techniques for
   putting vulnerability testing into daily software build cycles.  I am coding
   a few components, for fuzzing, SQL injection, script injection to run
   against code when it is compiled.  This will be a line of defense that
   developers can integrate and add manual tests to and basically be very
   visible as part of software development.

I'd be interested if anyone had any other topics that I can add to this.
And I'd appreciate any thoughts about my suggestions.

FYI, article submission guidelines have sizes varying, e.g. ISSA suggests
1500-3000, MSDN 3000-8000.  Also, there is usually some kind of property
agreement (e.g. ISSA has 18 months of rights before rights revert to
author).  I'm tracking these guidelines if anyone is interested, send me an
e-mail.

Regards,

Mark



Mark Roxberry, CISSP, CEH
OWASP .NET Project Leader
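Added example, not code from this message or from the OWASP .NET project: one way the build-cycle vulnerability testing described in topic 4 can be wired up. A constructed corpus of well-known script-injection and SQL-injection strings is run through the routines a code base exposes for HTML output encoding and query building, and each routine's mishandled inputs are reported so a build step can fail on them. The four routines under test (`naive_strip_script`, `encode_for_html`, `build_query_concat`, `build_query_param`) are hypothetical stand-ins for a project's own code, written here in Python rather than .NET so the gate runs stand-alone; the in-memory SQLite table is constructed for the example.

```python
"""Build-time injection regression gate (added example, hypothetical routines)."""
from __future__ import annotations

import html
import re
import sqlite3

# Constructed corpus of well-known injection strings used as regression inputs.
XSS_PAYLOADS = [
    "<script>alert(1)</script>",
    "<SCRIPT>alert(1)</SCRIPT>",       # case variant a naive filter misses
    "<img src=x onerror=alert(1)>",    # event handler, no <script> tag at all
]
SQLI_PAYLOADS = [
    "' OR '1'='1",                      # tautology: widens the WHERE clause
    "'; DROP TABLE users; --",          # statement terminator plus comment
]

# --- routines under test (hypothetical stand-ins for a project's own code) ---

def naive_strip_script(s: str) -> str:
    """Weak sanitizer: removes literal lowercase <script> tags only."""
    return s.replace("<script>", "").replace("</script>", "")

def encode_for_html(s: str) -> str:
    """Correct approach for an HTML text context: encode, do not filter."""
    return html.escape(s, quote=True)

def build_query_concat(name: str) -> tuple[str, tuple]:
    """Weak builder: the value is concatenated into the SQL text."""
    return (f"SELECT name FROM users WHERE name = '{name}'", ())

def build_query_param(name: str) -> tuple[str, tuple]:
    """Correct builder: placeholder in the SQL, value passed separately."""
    return ("SELECT name FROM users WHERE name = ?", (name,))

# --- oracles -----------------------------------------------------------------

# Any surviving tag opener means the output can still be parsed as markup.
# Assumes the value lands in HTML text context, not in an attribute or script.
_TAG_OPENER = re.compile(r"<\s*[a-z/!]", re.IGNORECASE)

def html_findings(sanitizer) -> list[str]:
    """Return payloads whose sanitized form still contains a tag opener."""
    return [p for p in XSS_PAYLOADS if _TAG_OPENER.search(sanitizer(p))]

def sql_findings(builder) -> list[str]:
    """Run each payload as a 'user name' against a constructed in-memory table.

    No row has a name equal to any payload, so a correct builder returns zero
    rows; extra rows, or a query that no longer executes as one statement,
    means the payload changed the query's meaning.
    """
    findings = []
    for p in SQLI_PAYLOADS:
        conn = sqlite3.connect(":memory:")
        conn.execute("CREATE TABLE users (name TEXT)")
        conn.executemany("INSERT INTO users VALUES (?)", [("alice",), ("bob",)])
        sql, params = builder(p)
        try:
            if conn.execute(sql, params).fetchall():
                findings.append(p)
        except Exception:  # multi-statement or malformed query: also a finding
            findings.append(p)
        finally:
            conn.close()
    return findings

def run_gate() -> dict[str, list[str]]:
    """Aggregate findings per routine; the build fails if any list is non-empty."""
    return {
        "naive_strip_script": html_findings(naive_strip_script),
        "encode_for_html": html_findings(encode_for_html),
        "build_query_concat": sql_findings(build_query_concat),
        "build_query_param": sql_findings(build_query_param),
    }

if __name__ == "__main__":
    results = run_gate()
    for routine, hits in results.items():
        print(f"{'FAIL' if hits else 'ok':4} {routine}: {hits}")
    raise SystemExit(1 if any(results.values()) else 0)
```

Run as a post-compile step, the script exits non-zero whenever a routine lets a corpus entry through, which is the "line of defense" the topic describes: the corpus grows as developers add the manual cases they find, and the encoding and parameterized routines stay green while the filtering and concatenating ones fail.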




_______________________________________________
Owasp-dotnet mailing list
Owasp-dotnet@lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-dotnet

