
List:       owasp-guide
Subject:    OWASP Newsletter #14 - Employee #2-Paulo Coimbra,
From:       "alison mcnamee" <alison.mcnamee () owasp ! org>
Date:       2008-03-04 16:15:59
Message-ID: 554306760803040815w4e6b0eebp186a5570106ddce8 () mail ! gmail ! com



*As posted online: https://www.owasp.org/index.php/OWASP_Newsletter_14*

OWASP Newsletter #14 (29-Feb-2008)

Welcome to the 14th edition of the OWASP Newsletter, featuring OWASP
Employee #2 - Paulo Coimbra, the Proposed OWASP Project Assessment and the
OWASP Summer of Code 2008 Project.


As always, if you have any content to add to the next edition, please feel
free to add it directly to its WIKI page OWASP Newsletter 15
<https://www.owasp.org/index.php/OWASP_Newsletter_15>.



Alison McNamee - OWASP Operations Director - Alison.mcnamee@owasp.org

Featured Item: OWASP Employee #2, Paulo Coimbra

   - Paulo Coimbra (following his recent success managing SpoC 07) has
   accepted to become the 2nd OWASP employee (he will be working part-time
   until June and full time from then on). Paulo will take on the role of OWASP
   Project Management, and here is his first short-term action plan:


   1. To launch and manage the new season of code – OWASP Summer of Code
   2008.
   2. To contribute to and stabilize OWASP's new Project Assessment
   Criteria.
   3. To contribute to the assessment, and re-assessment, of all OWASP
   projects.
   4. To build and maintain a wiki page with the status of all OWASP
   projects and their assessments.
   5. To welcome new developers who are interested in joining the OWASP
   community.
   6. To help project leaders and participants with their projects in any
   way that I can.

Featured Item: Proposed OWASP Project Assessment

   - OWASP has begun the process of stabilizing its *PROJECT ASSESSMENT
   CRITERIA* <https://www.owasp.org/index.php/Category:OWASP_Project_Assessment>.
   The objective is to have clear and objective requirements for OWASP
   projects (for both tools and documentation).
      - The current structure is still in flux, so please spend some
      time reviewing it and send us your comments.
      - The objective is to map all OWASP Projects
      <https://www.owasp.org/index.php/Category:OWASP_Project> to the
      proposed 3 project modes (Release Quality, Beta Quality and Alpha
      Quality) in the next couple of months.

Featured Project: OWASP Spring of Code 2008 is about to be launched - March 3rd

   - OWASP is about to launch the '*OWASP SUMMER OF CODE 2008*'
   <https://www.owasp.org/index.php/OWASP_Summer_of_Code_2008> (SoC
   2008). This follows the successful OWASP Spring of Code 2007 (SpoC
   07), in which 21 projects were sponsored with a budget of US$117,500, and
   the OWASP Autumn of Code 2006 (AoC 06), in which 9 projects were sponsored
   with a budget of US$20,000.
   - The SoC 2008 is an open sponsorship program where
   participants/developers are paid to work on OWASP (and web security) related
   projects.
   - The SoC 2008 is also an opportunity for external individual or
   company sponsors to challenge the participants/developers to work in areas
   in which they are willing to invest additional funding.
   - For more details see:
      - OWASP Summer of Code 2008
      <https://www.owasp.org/index.php/OWASP_Summer_of_Code_2008> - Main
      page of SoC 08
      - OWASP Summer of Code 2008 Press Release
      <https://www.owasp.org/index.php/OWASP_Summer_of_Code_2008_Press_Release> -
      Press release.
      - OWASP Summer of Code 2008 Applications
      <https://www.owasp.org/index.php/OWASP_Summer_of_Code_2008_Applications> -
      To submit applications.
      - OWASP Summer 0f Code 2008 : Selection
      <https://www.owasp.org/index.php/OWASP_Summer_0f_Code_2008_:_Selection> -
      Jury's evaluation of applications.
      - Who Can Apply?
      <https://www.owasp.org/index.php/OWASP_Summer_of_Code_2008#Who_Can_Apply.3F>
      - How To Participate (To Developers)
      <https://www.owasp.org/index.php/OWASP_Summer_of_Code_2008#How_To_Participate_.28To_Developers.29>
      - Schedule
      <https://www.owasp.org/index.php/OWASP_Summer_of_Code_2008#Schedule>
      - Jury and Selection Criteria
      <https://www.owasp.org/index.php/OWASP_Summer_of_Code_2008#Jury_and_Selection_Criteria>
      - Operational Rules
      <https://www.owasp.org/index.php/OWASP_Summer_of_Code_2008#Operational_Rules>
      - General Rules
      <https://www.owasp.org/index.php/OWASP_Summer_of_Code_2008#General_Rules>
      - SoC 2008 Budget
      <https://www.owasp.org/index.php/OWASP_Summer_of_Code_2008#SoC_2008_Budget>

Latest additions to the WIKI

New Pages

   - OWASP Summer of Code 2008
   <https://www.owasp.org/index.php?title=OWASP_Summer_of_Code_2008&rcid=25795>
   - OWASP Summer of Code 2008 Press Release
   <https://www.owasp.org/index.php?title=OWASP_Summer_of_Code_2008_Press_Release&rcid=25817>
   - OWASP Summer of Code 2008 Applications
   <https://www.owasp.org/index.php?title=OWASP_Summer_of_Code_2008_Applications&rcid=25813>
   - OWASP Summer of Code 2008 Applications - Proposal Type
   <https://www.owasp.org/index.php?title=OWASP_Summer_of_Code_2008_Applications_-_Proposal_Type&rcid=25815>
   - OWASP Summer of Code 2008 - Selection
   <https://www.owasp.org/index.php?title=OWASP_Summer_0f_Code_2008_:_Selection&rcid=25823>
   - Control Template <http://www.owasp.org/index.php/Control_template>
   - JSP JSTL <http://www.owasp.org/index.php/JSP_JSTL>
   - ASDR Table of Contents
   <http://www.owasp.org/index.php/ASDR_Table_of_Contents>

New Chapter Pages

   - Bay Area Past Events
   <https://www.owasp.org/index.php?title=Bay_Area_Past_Events&rcid=25951>
   - Denver February 2008 Meeting
   <https://www.owasp.org/index.php?title=Denver_February_2008_meeting&rcid=25896>
   - South Africa <http://www.owasp.org/index.php/South_Africa>

Updated Pages

   - OWASP AppSec Europe 2008 - Belgium
   <https://www.owasp.org/index.php/OWASP_AppSec_Europe_2008_-_Belgium>
   - OWASP AJAX Security Project Roadmap
   <https://www.owasp.org/index.php/OWASP_AJAX_Security_Project_Roadmap>
   - Category:OWASP AJAX Security Project
   <https://www.owasp.org/index.php/Category:OWASP_AJAX_Security_Project>
   - Testing for AJAX Vulnerabilities
   <https://www.owasp.org/index.php/Testing_for_AJAX_Vulnerabilities>
   - CSRF Guard 2x Roadmap
   <https://www.owasp.org/index.php/CSRF_Guard_2x_Roadmap>
   - Category:OWASP Testing Project
   <https://www.owasp.org/index.php/Category_talk:OWASP_Testing_Project>
   - OWASP DirBuster Project
   <https://www.owasp.org/index.php/Category:OWASP_DirBuster_Project>
   - OWASP Project Assessment
   <https://www.owasp.org/index.php/Category:OWASP_Project_Assessment>
   - Front Range Web Application Security Summit Planning Page
   <https://www.owasp.org/index.php/Front_Range_Web_Application_Security_Summit_Planning_Page>
   - Reviewing Code for Data Validation
   <https://www.owasp.org/index.php/Reviewing_Code_for_Data_Validation>


Updated chapter pages:

   - Belgium <https://www.owasp.org/index.php/Belgium>
   - Bay Area <https://www.owasp.org/index.php/Bay_Area>
   - San Jose <https://www.owasp.org/index.php/San_Jose>
   - San Francisco Bay Area
   <https://www.owasp.org/index.php/San_Francisco_Bay_Area>
   - Boulder <https://www.owasp.org/index.php/Boulder>
   - Denver <https://www.owasp.org/index.php/Denver>
   - Spain <https://www.owasp.org/index.php/Spain>
   - Latvia <https://www.owasp.org/index.php/Latvia>
   - New Zealand <https://www.owasp.org/index.php/New_Zealand>
   - Eugene <https://www.owasp.org/index.php/Eugene>
   - Helsinki <https://www.owasp.org/index.php/Helsinki>
   - South Africa <https://www.owasp.org/index.php/South_Africa>
   - Greece <https://www.owasp.org/index.php/Greece>
   - Austin <https://www.owasp.org/index.php/Austin>
   - Memphis <https://www.owasp.org/index.php/Memphis>
   - NYNJMetro <https://www.owasp.org/index.php/NYNJMetro>

New Documents & Presentations from chapters

   - French Translation of OWASP Top 10
   <https://www.owasp.org/images/c/ce/OWASP_Top_10_2007_-_French.pdf>

For a complete list of chapter presentations see the online table of
presentations <https://www.owasp.org/index.php/OWASP_Education_Presentation>.

OWASP references in the Media

   - Your Client-Side Security Sucks
   <http://grutztopia.jingojango.net/2008/02/your-client-side-security-sucks.html>
   - The Changed Face of Cybercrime <http://www.contractoruk.com/003675.html>
   - Authentication & Authorization Assumptions
   <http://denimgroup.typepad.com/denim_group/2008/02/authentication.html>
   - Locks are to keep the honest people out
   <http://cincinnatirecruiter.wordpress.com/2008/02/09/locks-are-to-keep-the-honest-people-out/>



*Application Security News Feed*
<https://www.owasp.org/index.php/Template:Application_Security_News>

   - Feb 28 - The W3C Web API Working Group has posted the first public
   working draft of XMLHttpRequest Level 2. "XMLHttpRequest Level 2 enhances
   XMLHttpRequest with new features, such as cross-site requests, progress
   events, and the handling of byte streams for both sending and receiving."
   I'm afraid I'm not familiar enough with XMLHttpRequest Level 1 to tell
   immediately what's new here
   <http://www.cafeconleche.org/#February_27_2008_69626|>
   (by undefined <http://www.cafeconleche.org/today.rss>) - The W3C Web
   API Working Group has posted the first public working draft of
   XMLHttpRequest Level 2. "XMLHttpRequest Level 2 enhances XMLHttpRequest with
   new features, such as cross-site requests, progress events, and the handling
   of byte streams for ...

   - Feb 25 - Introducing the Adobe AIR security model
   <http://feeds.feedburner.com/~r/developer_center_tutorials/~3/242450087/introduction_to_air_security.html%7C>
   (by Lucas Adamski
   <http://feeds.feedburner.com/developer_center_tutorials?format=xml|>)
   - Learn more about the rationale behind the AIR security model and what you
   should consider when building AIR applications.

   - Feb 28 - OWASP Hartford tomorrow
   <http://feeds.feedburner.com/~r/tssci/~3/242517957/%7C>
   (by Marcin <http://feeds.feedburner.com/tssci%7C>) - Tomorrow, February
   28th, is the first ever meeting for the brand new Hartford Owasp chapter.
   James McGovern, the chapter lead has been putting some effort into starting
   it off with a bang, so I hope everyone in the NY/CT/Mass area can make it.
   Agenda ...

   - Feb 27 - Off the wire: Extended validation certificates and XSS
   considered harmful <http://www.net-security.org/news.php?id=15778> (by
   Undefined <http://feeds.feedburner.com/HelpNetSecurity>) - A
   cross-site scripting vulnerability on the popular SourceForge.net website
   shows how Extended Validation SSL certificates could be exploited by
   fraudsters.

   - Feb 27 - Security is Everybody's Business - Microsoft Certified
   Professional <http://mcpmag.com/columns/article.asp?EditorialsID=950> (by
   Undefined
   <http://news.google.com/news?svnum=10&as_scoring=r&ie=UTF-8&oe=utf8&hl=en&q=%22application+security%22+OR+%22software+security%22&output=rss>)
   - Security is Everybody's Business Microsoft Certified Professional - 17
   hours ago It seems like all of us really need to understand *application
   security*, whether or not that was part of our original training.
   Fortunately, a pair of new...

   - Feb 27 - Extended Validation SSL certificates not going anywhere, as
   predicted <http://blog.ivanristic.com/2008/02/extended-valida.html> (by
   ivanr <http://blog.ivanristic.com/atom.xml>) - According to Netcraft,
   there are around 4,500 web sites using Extended Validation (EV) SSL
   certificates, one year after this new type of certificate was introduced. At
   the same time, over 800,000 sites continue to use the old-style
   certificates...

   - Feb 27 - Polymorphic Javascript
   <http://www.thespanner.co.uk/2008/02/27/polymorphic-javascript/> (by
   Gareth Heyes <http://www.thespanner.co.uk/feed/>) - Finding a pattern in
   malicious javascript is difficult, it's possible to selectively change the
   source code yet still execute the same payload. There are many ways to morph
   Javascript and I shall go through a few of the possibilities and provide...

   - Feb 26 - Improving Hackvertor: Polymorphic Javascript Payloads
   <http://i8jesus.com/?p=15> (by Arshan Dabirsiaghi
   <http://i8jesus.com/?feed=atom>) - One of the cooler tools
   in the webappsec hacker's handbook is Hackvertor. It's a smart encoding tool
   written by Gareth Heyes that helps you craft XSS vectors that pass whatever
   filters you're trying to evade. Rather than wasting 3 paragraphs ...



*Alison McNamee*

OWASP Operations Director

9175 Guilford Road

Suite 300

Columbia, MD 21046

301-575-0197 (phone)

301-604-8033 (fax)


[Attachment #5 (text/html)]

<p class="MsoNormal" style="MARGIN: 0in 0in 0pt"><i style="mso-bidi-font-style: \
normal"><span style="FONT-FAMILY: &#39;Calibri&#39;,&#39;sans-serif&#39;"><font \
size="3">As posted online: </font></span><a \
href="https://www.owasp.org/index.php/OWASP_Newsletter_14"><span style="FONT-FAMILY: \
&#39;Calibri&#39;,&#39;sans-serif&#39;"><font \
size="3">https://www.owasp.org/index.php/OWASP_Newsletter_14</font></span></a></i></p>


<p class="MsoNormal" style="MARGIN: 0in 0in 0pt"><span style="FONT-FAMILY: \
&#39;Calibri&#39;,&#39;sans-serif&#39;"><font size="3">&nbsp;</font></span></p> <p \
class="MsoNormal" style="MARGIN: 0in 0in 0pt"><span style="FONT-FAMILY: \
&#39;Calibri&#39;,&#39;sans-serif&#39;"><font size="3">&nbsp;</font></span></p> <p \
class="MsoNormal" style="MARGIN: 0in 0in 0pt"><span style="FONT-FAMILY: \
&#39;Calibri&#39;,&#39;sans-serif&#39;"><font size="3">&nbsp;</font></span></p> <div \
style="BORDER-RIGHT: medium none; PADDING-RIGHT: 0in; BORDER-TOP: medium none; \
PADDING-LEFT: 0in; BACKGROUND: white; PADDING-BOTTOM: 2pt; BORDER-LEFT: medium none; \
PADDING-TOP: 0in; BORDER-BOTTOM: #aaaaaa 1pt solid; mso-element: para-border-div; \
mso-border-bottom-alt: solid #AAAAAA .5pt">

<p class="MsoNormal" style="MARGIN: 0in 0in 0pt"><span style="FONT-FAMILY: \
&#39;Arial&#39;,&#39;sans-serif&#39;"><font size="3"></font></span></p><span \
style="FONT-FAMILY: &#39;Calibri&#39;,&#39;sans-serif&#39;"><font size="3">&nbsp;  \
<h2><span class="mw-headline">OWASP Newsletter #14 (29-Feb-2008) </span></h2> \
<p>Welcome to the 14th edition of the OWASP Newsletter, featuring OWASP Employee #2 - \
Paulo Coimbra, the Proposed OWASP Project Assessment and the OWASP Summer of Code \
2008 Project. </p> <p><br>As always, if you have any content to add to the next \
edition, please feel free to add it directly to its WIKI page <a title="OWASP \
Newsletter 15" href="https://www.owasp.org/index.php/OWASP_Newsletter_15">OWASP \
Newsletter 15</a>. </p>

<p><br>Alison McNamee - OWASP Operations Director - <a \
href="mailto:Alison.mcnamee@owasp.org">Alison.mcnamee@owasp.org</a> </p><a \
name="Featured_Item:_OWASP_Employee_.232.2C_Paulo_Coimbra"></a> <h2><span \
class="mw-headline">Featured Item: OWASP Employee #2, Paulo Coimbra</span></h2> <ul>
<li>Paulo Coimbra (following his recent sucess of managing Spoc 07) as accepted to \
become the 2nd OWASP employee (he will be working part-time until June and full time \
from then on). Paulo will take on the role of OWASP Project Management, and here are \
his first short-term action plan: </li> </ul>
<ol>
<li>To launch and manage the new season of code – OWASP Summer of Code 2008. 
<li>To contribute to and stabilize OWASP's new Project Assessment Criteria. 
<li>To contribute to the assessment, and re-assessment, of all OWASP projects. 
<li>To build and maintain a wiki page with the status of all OWASP projects and their \
assessments.  <li>To welcome new developers who are interested in joining OWASP \
community.  <li>To help project leaders and participants with their projects in any \
way that I can. </li></li></li></li></li></li></ol><a \
name="Featured_Item:_Proposed_OWASP_Project_Assessment"></a> <h2><span \
class="mw-headline">Featured Item: Proposed OWASP Project Assessment</span></h2> <ul>
<li>OWASP has begun the process of stabilization its <a title="Category:OWASP Project \
Assessment" href="https://www.owasp.org/index.php/Category:OWASP_Project_Assessment"><b>PROJECT \
ASSESSMENT CRITERIA</b></a>. The objective is to have clear and objective \
requirements for OWASP project&#39;s (for both tools and documentation).  <ul>
<li>The current structure is still in flux, so please spend some time reviewing it \
and send us your comments.  <li>The objective is to map all <a title="Category:OWASP \
Project" href="https://www.owasp.org/index.php/Category:OWASP_Project">OWASP \
Projects</a> to the proposed 3 project modes (Release Quality, Beta Quality and Alpha \
Quality) in the next couple months. </li> </li></ul></li></ul><a \
name="Featured_Project:_OWASP_Spring_of_Code_2008_is_about_to_be_launched_-_March_3rd"></a>
 <h2><span class="mw-headline">Featured Project: OWASP Spring of Code 2008 is about \
to be launched - March 3rd </span></h2> <ul>
<li>OWASP is about to launch the <a title="OWASP Summer of Code 2008" \
href="https://www.owasp.org/index.php/OWASP_Summer_of_Code_2008">&#39;<b>OWASP SUMMER \
OF CODE 2008&#39;</b></a> (SoC 2008). This follows the successfull OWASP Spring of \
Code 2007 (SpoC 07), in which 21 projects were sponsored with a budget of US$117,500, \
and the OWASP Autumn of Code 2006 (AoC 06), in which 9 projects were sponsored with a \
budget of US$20,000.  <li>The SoC 2008 is an open sponsorship program were \
participants/developers are paid to work on OWASP (and web security) related \
projects.  <li>The SoC 2008 is also an opportunity for external individual or company \
sponsors to challenge the participants/developers to work in areas in which they are \
willing to invest additional funding.  <li>For more details see: 
<ul>
<li><a title="OWASP Summer of Code 2008" \
href="https://www.owasp.org/index.php/OWASP_Summer_of_Code_2008">OWASP Summer of Code \
2008</a> - Main page of SoC 08  <li><a title="OWASP Summer of Code 2008 Press \
Release" href="https://www.owasp.org/index.php/OWASP_Summer_of_Code_2008_Press_Release">OWASP \
Summer of Code 2008 Press Release</a> - Press release.  <li><a title="OWASP Summer of \
Code 2008 Applications" \
href="https://www.owasp.org/index.php/OWASP_Summer_of_Code_2008_Applications">OWASP \
Summer of Code 2008 Applications</a> - To submit applications.  <li><a title="OWASP \
Summer 0f Code 2008 : Selection" \
href="https://www.owasp.org/index.php/OWASP_Summer_0f_Code_2008_:_Selection">OWASP \
Summer 0f Code 2008 : Selection</a> - Jury&#39;s evaluation of applications.  <li><a \
title="OWASP Summer of Code 2008" \
href="https://www.owasp.org/index.php/OWASP_Summer_of_Code_2008#Who_Can_Apply.3F">Who \
Can Apply?</a>  <li><a title="OWASP Summer of Code 2008" \
href="https://www.owasp.org/index.php/OWASP_Summer_of_Code_2008#How_To_Participate_.28To_Developers.29">How \
To Participate (To Developers)</a>  <li><a title="OWASP Summer of Code 2008" \
href="https://www.owasp.org/index.php/OWASP_Summer_of_Code_2008#Schedule">Schedule</a> \
 <li><a title="OWASP Summer of Code 2008" \
href="https://www.owasp.org/index.php/OWASP_Summer_of_Code_2008#Jury_and_Selection_Criteria">Jury \
and Selection Criteria</a>  <li><a title="OWASP Summer of Code 2008" \
href="https://www.owasp.org/index.php/OWASP_Summer_of_Code_2008#Operational_Rules">Operational \
Rules</a>  <li><a title="OWASP Summer of Code 2008" \
href="https://www.owasp.org/index.php/OWASP_Summer_of_Code_2008#General_Rules">General \
Rules</a>  <li><a title="OWASP Summer of Code 2008" \
href="https://www.owasp.org/index.php/OWASP_Summer_of_Code_2008#SoC_2008_Budget">SoC \
2008 Budget</a> </li></li></li></li></li></li></li></li></li></li></li></ul></li></li></li></li>
 </ul><a name="Latest_additions_to_the_WIKI"></a>
<h2><span class="mw-headline">Latest additions to the WIKI </span></h2><a \
name="New_Pages"></a> <h4><span class="mw-headline">New Pages</span></h4>
<ul>
<li><a class="external text" \
title="https://www.owasp.org/index.php?title=OWASP_Summer_of_Code_2008&amp;rcid=25795" \
href="https://www.owasp.org/index.php?title=OWASP_Summer_of_Code_2008&amp;rcid=25795" \
rel="nofollow">OWASP Summer of Code 2008</a>  <li><a class="external text" \
title="https://www.owasp.org/index.php?title=OWASP_Summer_of_Code_2008_Press_Release&amp;rcid=25817" \
href="https://www.owasp.org/index.php?title=OWASP_Summer_of_Code_2008_Press_Release&amp;rcid=25817" \
rel="nofollow">OWASP Summer of Code 2008 Press Release</a>  <li><a class="external \
text" title="https://www.owasp.org/index.php?title=OWASP_Summer_of_Code_2008_Applications&amp;rcid=25813" \
href="https://www.owasp.org/index.php?title=OWASP_Summer_of_Code_2008_Applications&amp;rcid=25813" \
rel="nofollow">OWASP Summer of Code 2008 Applications</a>  <li><a class="external \
text" title="https://www.owasp.org/index.php?title=OWASP_Summer_of_Code_2008_Applications_-_Proposal_Type&amp;rcid=25815" \
href="https://www.owasp.org/index.php?title=OWASP_Summer_of_Code_2008_Applications_-_Proposal_Type&amp;rcid=25815" \
rel="nofollow">OWASP Summer of Code 2008 Applications - Proposal Type</a>  <li><a \
class="external text" \
title="https://www.owasp.org/index.php?title=OWASP_Summer_0f_Code_2008_:_Selection&amp;rcid=25823" \
href="https://www.owasp.org/index.php?title=OWASP_Summer_0f_Code_2008_:_Selection&amp;rcid=25823" \
rel="nofollow">OWASP Summer of Code 2008 - Selection</a>  <li><a class="external \
text" title="http://www.owasp.org/index.php/Control_template" \
href="http://www.owasp.org/index.php/Control_template" rel="nofollow">Control \
Template</a>  <li><a class="external text" \
title="http://www.owasp.org/index.php/JSP_JSTL" \
href="http://www.owasp.org/index.php/JSP_JSTL" rel="nofollow">JSP JSTL</a>  <li><a \
class="external text" title="http://www.owasp.org/index.php/ASDR_Table_of_Contents" \
href="http://www.owasp.org/index.php/ASDR_Table_of_Contents" rel="nofollow">ASDR \
Table of Contents</a> </li></li></li></li></li></li> </li></li></ul><a \
name="New_Chapter_Pages"></a> <h4><span class="mw-headline">New Chapter \
Pages</span></h4> <ul>
<li><a class="external text" \
title="https://www.owasp.org/index.php?title=Bay_Area_Past_Events&amp;rcid=25951" \
href="https://www.owasp.org/index.php?title=Bay_Area_Past_Events&amp;rcid=25951" \
rel="nofollow">Bay Area Past Events</a>  <li><a class="external text" \
title="https://www.owasp.org/index.php?title=Denver_February_2008_meeting&amp;rcid=25896" \
href="https://www.owasp.org/index.php?title=Denver_February_2008_meeting&amp;rcid=25896" \
rel="nofollow">Denver February 2008 Meeting</a>  <li><a class="external text" \
title="http://www.owasp.org/index.php/South_Africa" \
href="http://www.owasp.org/index.php/South_Africa" rel="nofollow">South Africa</a> \
</li></li></li></ul><a name="Updated_Pages"></a> <h4><span \
class="mw-headline">Updated Pages</span></h4> <ul>
<li><a class="external text" \
title="https://www.owasp.org/index.php/OWASP_AppSec_Europe_2008_-_Belgium" \
href="https://www.owasp.org/index.php/OWASP_AppSec_Europe_2008_-_Belgium" \
rel="nofollow">OWASP AppSec Europe 2008 - Belgium</a>  <li><a class="external text" \
title="https://www.owasp.org/index.php/OWASP_AJAX_Security_Project_Roadmap" \
href="https://www.owasp.org/index.php/OWASP_AJAX_Security_Project_Roadmap" \
rel="nofollow">OWASP AJAX Security Project Roadmap</a>  <li><a class="external text" \
title="https://www.owasp.org/index.php/Category:OWASP_AJAX_Security_Project" \
href="https://www.owasp.org/index.php/Category:OWASP_AJAX_Security_Project" \
rel="nofollow">Category:OWASP AJAX Security Project</a>  <li><a class="external text" \
title="https://www.owasp.org/index.php/Testing_for_AJAX_Vulnerabilities" \
href="https://www.owasp.org/index.php/Testing_for_AJAX_Vulnerabilities" \
rel="nofollow">Testing for AJAX Vulnerabilities</a>  <li><a class="external text" \
title="https://www.owasp.org/index.php/CSRF_Guard_2x_Roadmap" \
href="https://www.owasp.org/index.php/CSRF_Guard_2x_Roadmap" rel="nofollow">CSRF \
Guard 2x Roadmap</a>  <li><a class="external text" \
title="https://www.owasp.org/index.php/Category_talk:OWASP_Testing_Project" \
href="https://www.owasp.org/index.php/Category_talk:OWASP_Testing_Project" \
rel="nofollow">Category:OWASP Testing Project</a>  <li><a class="external text" \
title="https://www.owasp.org/index.php/Category:OWASP_DirBuster_Project" \
href="https://www.owasp.org/index.php/Category:OWASP_DirBuster_Project" \
rel="nofollow">OWASP DirBuster Project</a>  <li><a class="external text" \
title="https://www.owasp.org/index.php/Category:OWASP_Project_Assessment" \
href="https://www.owasp.org/index.php/Category:OWASP_Project_Assessment" \
rel="nofollow">OWASP Project Assessment</a>  <li><a class="external text" \
title="https://www.owasp.org/index.php/Front_Range_Web_Application_Security_Summit_Planning_Page" \
href="https://www.owasp.org/index.php/Front_Range_Web_Application_Security_Summit_Planning_Page" \
rel="nofollow">Front Range Web Application Security Summit Planning Page</a>  <li><a \
class="external text" \
title="https://www.owasp.org/index.php/Reviewing_Code_for_Data_Validation" \
href="https://www.owasp.org/index.php/Reviewing_Code_for_Data_Validation" \
rel="nofollow">Reviewing Code for Data Validation</a> </li> \
</li></li></li></li></li></li></li></li></li></ul> <p><br></p><a \
name="Updated_chapter_pages:"></a> <h4><span class="mw-headline">Updated chapter \
pages:</span></h4> <ul>
<li><a title="Belgium" href="https://www.owasp.org/index.php/Belgium">Belgium</a> 
<li><a title="Bay Area" href="https://www.owasp.org/index.php/Bay_Area">Bay Area</a> 
<li><a title="San Jose" href="https://www.owasp.org/index.php/San_Jose">San Jose</a> 
<li><a title="San Francisco Bay Area" \
href="https://www.owasp.org/index.php/San_Francisco_Bay_Area">San Francisco Bay \
Area</a>  <li><a title="Boulder" \
href="https://www.owasp.org/index.php/Boulder">Boulder</a>  <li><a title="Denver" \
href="https://www.owasp.org/index.php/Denver">Denver</a>  <li><a title="Spain" \
href="https://www.owasp.org/index.php/Spain">Spain</a>  <li><a title="Latvia" \
href="https://www.owasp.org/index.php/Latvia">Latvia</a>  <li><a title="New Zealand" \
href="https://www.owasp.org/index.php/New_Zealand">New Zealand</a>  <li><a \
title="Eugene" href="https://www.owasp.org/index.php/Eugene">Eugene</a>  <li><a \
title="Helsinki" href="https://www.owasp.org/index.php/Helsinki">Helsinki</a>  <li><a \
title="South Africa" href="https://www.owasp.org/index.php/South_Africa">South \
Africa</a>  <li><a title="Greece" \
href="https://www.owasp.org/index.php/Greece">Greece</a>  <li><a title="Austin" \
href="https://www.owasp.org/index.php/Austin">Austin</a>  <li><a title="Memphis" \
href="https://www.owasp.org/index.php/Memphis">Memphis</a>  <li><a title="NYNJMetro" \
href="https://www.owasp.org/index.php/NYNJMetro">NYNJMetro</a> \
</li></li></li></li></li></li></li></li></li></li></li></li></li></li></li></li></ul><a \
name="New_Documents_.26_Presentations_from_chapters"></a> <h4><span \
class="mw-headline">New Documents &amp; Presentations from chapters</span></h4> <ul>
<li><a class="external text" \
title="https://www.owasp.org/images/c/ce/OWASP_Top_10_2007_-_French.pdf" \
href="https://www.owasp.org/images/c/ce/OWASP_Top_10_2007_-_French.pdf" \
rel="nofollow">French Translation of OWASP Top 10</a> </li> </ul>
<p>For a complete list of chapter presentations see <a title="OWASP Education \
Presentation" href="https://www.owasp.org/index.php/OWASP_Education_Presentation">the \
online table of presentations</a>. </p><a name="OWASP_references_in_the_Media"></a> \
<h2><span class="mw-headline">OWASP references in the Media</span></h2> <ul>
<li><a class="external text" \
title="http://grutztopia.jingojango.net/2008/02/your-client-side-security-sucks.html" \
href="http://grutztopia.jingojango.net/2008/02/your-client-side-security-sucks.html" \
rel="nofollow">Your Client-Side Security Sucks</a>  <li><a class="external text" \
title="http://www.contractoruk.com/003675.html" \
href="http://www.contractoruk.com/003675.html" rel="nofollow">The Changed Face of \
Cybercrime</a>  <li><a class="external text" \
title="http://denimgroup.typepad.com/denim_group/2008/02/authentication.html" \
href="http://denimgroup.typepad.com/denim_group/2008/02/authentication.html" \
rel="nofollow">Authentication &amp; Authorization Assumptions</a>  <li><a \
class="external text" \
title="http://cincinnatirecruiter.wordpress.com/2008/02/09/locks-are-to-keep-the-honest-people-out/" \
href="http://cincinnatirecruiter.wordpress.com/2008/02/09/locks-are-to-keep-the-honest-people-out/" \
rel="nofollow">Locks are to keep the honest people out</a> </li> </li></li></li></ul>
<p><br></p><a name="Application_Security_News_Feed"></a>
<h2><span class="mw-headline"><b><a class="external text" \
title="https://www.owasp.org/index.php/Template:Application_Security_News" \
href="https://www.owasp.org/index.php/Template:Application_Security_News" \
rel="nofollow">Application Security News Feed</a></b></span></h2>

<ul>
<li>Feb 28 - <a class="external text" \
title="http://www.cafeconleche.org/#February_27_2008_69626|" \
href="http://www.cafeconleche.org/#February_27_2008_69626|" rel="nofollow">The W3C \
Web API Working Group has posted the first public working draft of XMLHttpRequest \
Level 2. &quot;XMLHttpRequest Level 2 enhances XMLHttpRequest with new features, such \
as cross-site requests, progress events, and the handling of byte streams for both \
sending and receiving.&quot; I&#39;m afraid I&#39;m not familiar enough with \
XMLHttpRequest Level 1 to tell immediately what&#39;s new here</a>. (by <a \
class="external text" title="http://www.cafeconleche.org/today.rss" \
href="http://www.cafeconleche.org/today.rss" rel="nofollow">undefined</a>) - The W3C \
Web API Working Group has posted the first public working draft of XMLHttpRequest \
Level 2. &quot;XMLHttpRequest Level 2 enhances XMLHttpRequest with new features, such \
as cross-site requests, progress events, and the handling of byte streams for ... \
</li> </ul>
<ul>
<li>Feb 25 - <a class="external text" \
title="http://feeds.feedburner.com/~r/developer_center_tutorials/~3/242450087/introduction_to_air_security.html|" \
href="http://feeds.feedburner.com/~r/developer_center_tutorials/~3/242450087/introduction_to_air_security.html%7C" \
rel="nofollow">Introducing the Adobe AIR security model</a> (by <a class="external \
text" title="http://feeds.feedburner.com/developer_center_tutorials?format=xml|" \
href="http://feeds.feedburner.com/developer_center_tutorials?format=xml|" \
rel="nofollow">Lucas Adamski</a>) - Learn more about the rationale behind the AIR \
security model and what you should consider when building AIR applications. </li> \
</ul> <ul>
<li>Feb 28 - <a class="external text" \
title="http://feeds.feedburner.com/~r/tssci/~3/242517957/|" \
href="http://feeds.feedburner.com/~r/tssci/~3/242517957/%7C" rel="nofollow">OWASP \
Hartford tomorrow</a> (by <a class="external text" \
title="http://feeds.feedburner.com/tssci|" \
href="http://feeds.feedburner.com/tssci%7C" rel="nofollow">Marcin</a>) - Tomorrow, \
February 28th, is the first ever meeting for the brand new Hartford Owasp chapter. \
James McGovern, the chapter lead has been putting some effort into starting it off \
with a bang, so I hope everyone in the NY/CT/Mass area can make it. Agenda ... </li> \
</ul> <ul>
<li>Feb 27 - <a class="external text" title="http://www.net-security.org/news.php?id=15778" href="http://www.net-security.org/news.php?id=15778" rel="nofollow">Off the wire: Extended validation certificates and XSS considered harmful</a> (by <a class="external text" title="http://feeds.feedburner.com/HelpNetSecurity" href="http://feeds.feedburner.com/HelpNetSecurity" rel="nofollow">Undefined</a>) - A cross-site scripting vulnerability on the popular SourceForge.net website shows how Extended Validation SSL certificates could be exploited by fraudsters. </li> </ul>
<ul>
<li>Feb 27 - <a class="external text" title="http://mcpmag.com/columns/article.asp?EditorialsID=950" href="http://mcpmag.com/columns/article.asp?EditorialsID=950" rel="nofollow">Security is Everybody&#39;s Business - Microsoft Certified Professional</a> (by <a class="external text" title="http://news.google.com/news?svnum=10&amp;as_scoring=r&amp;ie=UTF-8&amp;oe=utf8&amp;hl=en&amp;q=%22application+security%22+OR+%22software+security%22&amp;output=rss" href="http://news.google.com/news?svnum=10&amp;as_scoring=r&amp;ie=UTF-8&amp;oe=utf8&amp;hl=en&amp;q=%22application+security%22+OR+%22software+security%22&amp;output=rss" rel="nofollow">Undefined</a>) - It seems like all of us really need to understand *application security*, whether or not that was part of our original training. Fortunately, a pair of new... </li> </ul>
<ul>
<li>Feb 27 - <a class="external text" title="http://blog.ivanristic.com/2008/02/extended-valida.html" href="http://blog.ivanristic.com/2008/02/extended-valida.html" rel="nofollow">Extended Validation SSL certificates not going anywhere, as predicted</a> (by <a class="external text" title="http://blog.ivanristic.com/atom.xml" href="http://blog.ivanristic.com/atom.xml" rel="nofollow">ivanr</a>) - According to Netcraft, there are around 4,500 web sites using Extended Validation (EV) SSL certificates, one year after this new type of certificate was introduced. At the same time, over 800,000 sites continue to use the old-style certificates... </li> </ul>
<ul>
<li>Feb 27 - <a class="external text" title="http://www.thespanner.co.uk/2008/02/27/polymorphic-javascript/" href="http://www.thespanner.co.uk/2008/02/27/polymorphic-javascript/" rel="nofollow">Polymorphic Javascript</a> (by <a class="external text" title="http://www.thespanner.co.uk/feed/" href="http://www.thespanner.co.uk/feed/" rel="nofollow">Gareth Heyes</a>) - Finding a pattern in malicious JavaScript is difficult; it's possible to selectively change the source code yet still execute the same payload. There are many ways to morph JavaScript and I shall go through a few of the possibilities and provide... </li> </ul>
<ul>
<li>Feb 26 - <a class="external text" title="http://i8jesus.com/?p=15" href="http://i8jesus.com/?p=15" rel="nofollow">Improving Hackvertor: Polymorphic Javascript Payloads</a> (by <a class="external text" title="http://i8jesus.com/?feed=atom" href="http://i8jesus.com/?feed=atom" rel="nofollow">Arshan Dabirsiaghi</a>) - One of the cooler tools in the webappsec hacker's handbook is Hackvertor. It's a smart encoding tool written by Gareth Heyes that helps you craft XSS vectors that pass whatever filters you're trying to evade. Rather than wasting 3 paragraphs ... </li> </ul>
<div class="printfooter">&nbsp;</div></font></span></div>
<p class="MsoNormal"><b>Alison McNamee</b></p>

<p class="MsoNormal">OWASP Operations Director</p>

<p class="MsoNormal">9175 Guilford Road</p>

<p class="MsoNormal">Suite 300</p>

<p class="MsoNormal">Columbia, MD 21046</p>

<p class="MsoNormal">301-575-0197 (phone)</p>

<p class="MsoNormal">301-604-8033 (fax)</p>



_______________________________________________
To unsubscribe from the Owasp-all mailing list, you will need to unsubscribe yourself from all OWASP mailing lists you belong to. This list is automatically generated to allow OWASP to contact all its members in one distribution. 

Best regards, OWASP


