[Owasp-cincinnati] FW: OWASP Newsletter #16: OWASP at Secure360 Conference, OWASP Internship, OWASP Top 10 in Portuguese

Marco M. Morana marco.m.morana at gmail.com
Sat May 3 07:24:01 EDT 2008


The OWASP newsletter (*) has a link to
<http://cincinnatirecruiter.wordpress.com/2008/04/11/the-new-face-of-cybercrime/>
The new face of cybercrime post by Andy Erickson blog.

Enjoy the rest of the reading

Regards

Marco

(*)

OWASP Newsletter #16 (02-May-2008) 

Welcome to the 16th edition of the OWASP Newsletter, featuring OWASP at the
Secure360 Conference, the OWASP Internship, and the release of OWASP's Top
10 in Portuguese. 

I would like to congratulate the OWASP Spain chapter for receiving one of
the most prestigious awards of the security sector in Spain, for their
activity and dissemination of security in applications and Web services in
our country! This award, given by the SIC magazine (www.revistasic.com) in
its nineteenth congress called "Securmática" (www.securmatica.com), involves
the recognition of the effort they are making from Spain to publicize the
objectives and projects of OWASP.

As always, if you have any content to add to the next edition, please feel
free to add it directly to its WIKI page
<http://www.owasp.org/index.php?title=OWASP_Newsletter_17&action=edit> OWASP
Newsletter 17. 

Alison McNamee OWASP Operations Director Tel: 301-575-0197 eMail:
Alison.mcnamee at owasp.org 

 

Featured Item: OWASP at Secure360 Conference

The OWASP Minneapolis St Paul chapter will be at the Secure360 conference in
Minneapolis May 13th-14th. We will be giving a full session where we will
talk about OWASP, demo projects, resources and even have our own
informational booth thanks to our local sponsors! 

<http://www.secure360.org>

 

Featured Item: OWASP Internship

Are you a college student looking for a summer internship in the application
security industry? If so, then OWASP is the place for you! We are currently
looking to fill two internship positions for this summer. These are paid
internships.  <http://www.owasp.org/index.php/OWASP_Internship_2008> Click
Here for more info! 

 

Featured Item: Top 10 in Portuguese

The OWASP Top 10 is now available in Portuguese! To download the Portuguese
version, please
<http://www.owasp.org/images/4/42/OWASP_TOP_10_2007_PT-BR.pdf> Click Here 

 

Latest additions to the WIKI 

New Pages

* OWASP_Writing_Style <http://www.owasp.org/index.php/OWASP_Writing_Style>
* AppSecEU08_The_Dynamic_Taint_Propagation_Finding_Vulnerabilities_Without_Attacking <http://www.owasp.org/index.php/AppSecEU08_The_Dynamic_Taint_Propagation_Finding_Vulnerabilities_Without_Attacking>
* ASP.NET_Request_Validation <http://www.owasp.org/index.php/ASP.NET_Request_Validation>
* OWASP_Israel_2008_Conference <http://www.owasp.org/index.php/OWASP_Israel_2008_Conference>
* OWASP_Orizon_Project_XML <http://www.owasp.org/index.php/OWASP_Orizon_Project_XML>
* OWASP_Spanish <http://www.owasp.org/index.php/OWASP_Spanish>
* OWASP_Internationalization <http://www.owasp.org/index.php/OWASP_Internationalization>
* Belgium_Previous_Events_2008 <http://www.owasp.org/index.php/Belgium_Previous_Events_2008>
* AppSecEU08_Evaluation_Criteria_for_Web_Application_Firewalls <http://www.owasp.org/index.php/AppSecEU08_Evaluation_Criteria_for_Web_Application_Firewalls>
* CSRFGuard_2.2_Configuration_Manual <http://www.owasp.org/index.php/CSRFGuard_2.2_Configuration_Manual>
* AppSecEU08_The_OWASP_ORIZON_project <http://www.owasp.org/index.php/AppSecEU08_The_OWASP_ORIZON_project>
* Education_Track:_OWASP_Capture_the_flag_application <http://www.owasp.org/index.php/Education_Track:_OWASP_Capture_the_flag_application>
* Education_Track:_OWASP_Boot_Camp <http://www.owasp.org/index.php/Education_Track:_OWASP_Boot_Camp>
* AppSecEU08_Threat_Modeling_for_Application_Designers_and_Architects <http://www.owasp.org/index.php/AppSecEU08_Threat_Modeling_for_Application_Designers_and_Architects>
* .NET_Incident_Response <http://www.owasp.org/index.php/.NET_Incident_Response>
* .Net_Project_Wishlist <http://www.owasp.org/index.php/.Net_Project_Wishlist>
* .NET_Penetration_Testing <http://www.owasp.org/index.php/.NET_Penetration_Testing>
* CSRFGuard_2.2_ChangeLog <http://www.owasp.org/index.php/CSRFGuard_2.2_ChangeLog>
* CSRFGuard_2.2_Installation <http://www.owasp.org/index.php/CSRFGuard_2.2_Installation>
* AppSecEU08_Exploiting_Online_Games <http://www.owasp.org/index.php/AppSecEU08_Exploiting_Online_Games>
* AppSecEU08_Software_Security_State_of_the_Practice_2008 <http://www.owasp.org/index.php/AppSecEU08_Software_Security_State_of_the_Practice_2008>
* OWASP_Internship_2008 <http://www.owasp.org/index.php/OWASP_Internship_2008>
* AppSecEU08_Scanstud_-_Evaluating_static_analysis_tools <http://www.owasp.org/index.php/AppSecEU08_Scanstud_-_Evaluating_static_analysis_tools>
* How_to_Start_an_OWASP_Project <http://www.owasp.org/index.php/How_to_Start_an_OWASP_Project>
* AppSecEU08_Best_Practices_Guide_Web_Application_Firewalls <http://www.owasp.org/index.php/AppSecEU08_Best_Practices_Guide_Web_Application_Firewalls>
* .NET_Security_for_Developers <http://www.owasp.org/index.php/.NET_Security_for_Developers>
* .NET_Security_for_IT_Professional <http://www.owasp.org/index.php/.NET_Security_for_IT_Professional>
* OWASP_Board_Meetings_April_Agenda <http://www.owasp.org/index.php/OWASP_Board_Meetings_April_Agenda>
* AppSecEU08_Dirk_De_Maeyer <http://www.owasp.org/index.php/AppSecEU08_Dirk_De_Maeyer>
* AppSecEU08_How_Data_Privacy_affects_Applications_and_Databases <http://www.owasp.org/index.php/AppSecEU08_How_Data_Privacy_affects_Applications_and_Databases>
* AppSecEU08_The_Web_Hacking_Incidents_Database_Project <http://www.owasp.org/index.php/AppSecEU08_The_Web_Hacking_Incidents_Database_Project>
* .NET_Security_for_Architects <http://www.owasp.org/index.php/.NET_Security_for_Architects>

New Chapter Pages

Norway <http://www.owasp.org/index.php/Norway>  

China-Mainland <http://www.owasp.org/index.php/China-Mainland>  

 

Updated Pages

* OWASP_Summer_of_Code_2008 <http://www.owasp.org/index.php/OWASP_Summer_of_Code_2008>
* AppSecEU08_The_OWASP_Anti-Samy_project <http://www.owasp.org/index.php/AppSecEU08_The_OWASP_Anti-Samy_project>
* ASP.NET_Request_Validation <http://www.owasp.org/index.php/ASP.NET_Request_Validation>
* OWASP_Israel_2007_Conference <http://www.owasp.org/index.php/OWASP_Israel_2007_Conference>
* Project_Information:template <http://www.owasp.org/index.php/Project_Information:template>
* OWASP_Testing_Guide_v3_Table_of_Contents <http://www.owasp.org/index.php/OWASP_Testing_Guide_v3_Table_of_Contents>
* OWASP_Testing_Project_v3_Roadmap <http://www.owasp.org/index.php/OWASP_Testing_Project_v3_Roadmap>
* Code_Review_Introduction <http://www.owasp.org/index.php/Code_Review_Introduction>
* .NET_Project_ReOrg_Alpha <http://www.owasp.org/index.php/.NET_Project_ReOrg_Alpha>
* Testing_for_Cross_site_scripting <http://www.owasp.org/index.php/Testing_for_Cross_site_scripting>
* Front_Range_Web_Application_Security_Summit_Planning_Page <http://www.owasp.org/index.php/Front_Range_Web_Application_Security_Summit_Planning_Page>
* CSRFGuard_2.2_Configuration_Manual <http://www.owasp.org/index.php/CSRFGuard_2.2_Configuration_Manual>
* OWASP_Testing_Guide_v3_Startup <http://www.owasp.org/index.php/OWASP_Testing_Guide_v3_Startup>
* OWASP_AppSec_Europe_2008_-_Belgium <http://www.owasp.org/index.php/OWASP_AppSec_Europe_2008_-_Belgium>
* What_are_web_applications? <http://www.owasp.org/index.php/What_are_web_applications%3F>
* OWASP_Summer_of_Code_2008_Applications_-_Need_Futher_Clarifications <http://www.owasp.org/index.php/OWASP_Summer_of_Code_2008_Applications_-_Need_Futher_Clarifications>
* OWASP_Summer_of_Code_2008_Applications <http://www.owasp.org/index.php/OWASP_Summer_of_Code_2008_Applications>
* OWASP_Backend_Security_Project <http://www.owasp.org/index.php/OWASP_Backend_Security_Project>
* Sponsored_Projects <http://www.owasp.org/index.php/Sponsored_Projects>
* Man-in-the-middle_attack <http://www.owasp.org/index.php/Man-in-the-middle_attack>
* Password_length_&_complexity <http://www.owasp.org/index.php/Password_length_%26_complexity>
* AppSecEU08_Trends_in_Web_Hacking_Incidents:_What's_hot_for_2008 <http://www.owasp.org/index.php/AppSecEU08_Trends_in_Web_Hacking_Incidents:_What%27s_hot_for_2008>
* OWASP_Summer_of_Code_2008_Applications_-_for_majority_vote <http://www.owasp.org/index.php/OWASP_Summer_of_Code_2008_Applications_-_for_majority_vote>

Updated chapter pages:

* Denver <http://www.owasp.org/index.php/Denver>
* Suncoast <http://www.owasp.org/index.php/Suncoast>
* Israel <http://www.owasp.org/index.php/Israel>
* Sweden <http://www.owasp.org/index.php/Sweden>
* London <http://www.owasp.org/index.php/London>
* Sydney <http://www.owasp.org/index.php/Sydney>
* Austin <http://www.owasp.org/index.php/Austin>
* Mexico_City/es <http://www.owasp.org/index.php/Mexico_City/es>
* Boulder <http://www.owasp.org/index.php/Boulder>
* Rochester <http://www.owasp.org/index.php/Rochester>
* Ireland <http://www.owasp.org/index.php/Ireland>
* Helsinki <http://www.owasp.org/index.php/Helsinki>
* Virginia_(Northern_Virginia) <http://www.owasp.org/index.php/Virginia_%28Northern_Virginia%29>
* Montréal <http://www.owasp.org/index.php/Montr%C3%A9al>
* Switzerland <http://www.owasp.org/index.php/Switzerland>
* Italy_OWASP_Day_2 <http://www.owasp.org/index.php/Italy_OWASP_Day_2>
* Spain <http://www.owasp.org/index.php/Spain>
* Brazilian <http://www.owasp.org/index.php/Brazilian>
* Sacramento <http://www.owasp.org/index.php/Sacramento>
* Belgium <http://www.owasp.org/index.php/Belgium>
* NYNJMetro <http://www.owasp.org/index.php/NYNJMetro>
* Boulderchaptermeetings2007.html <http://www.owasp.org/index.php/Boulderchaptermeetings2007.html>
* Minneapolis_St_Paul <http://www.owasp.org/index.php/Minneapolis_St_Paul>

New Documents & Presentations from chapters

For a complete list of chapter presentations see the online table of
presentations <http://www.owasp.org/index.php/OWASP_Education_Presentation>.

 

OWASP references in the Media

* <http://blog.modsecurity.org/2008/04/great-talks-at.html> Great talks at OWASP AppSec Europe 2008 in Belgium
* <http://infosec4all.com/2008/04/28/sql-injection-attacks-summary-and-recommendations/> SQL injection attacks summary and recommendations
* <http://blogs.computerworld.com/can_we_please_stop_cross_site_scripting_attacks> Can we please stop cross site scripting attacks?
* <http://i8jesus.com/?p=19> AntiSamy 1.1.1 released today!
* <http://blogs.computerworld.com/can_we_please_stop_cross_site_scripting_attacks> Can We Please Stop Cross Site Scripting Attacks
* <http://www.disenchant.ch/blog/global-owasp-week-2008-switzerland/122> Global OWASP Week 2008-Switzerland
* <http://cleartext.wordpress.com/2008/04/10/rocky-mountain-high/> Rocky Mountain High
* <http://cincinnatirecruiter.wordpress.com/2008/04/11/the-new-face-of-cybercrime/> The new face of cybercrime

 <https://www.owasp.org/index.php/Template:Application_Security_News>
Application Security News Feed

This news feed is moderated by OWASP and will feature high-quality posts
focused on application security that advance the field, provide useful
insight, or are useful educational resources. 

 

May 2 - Big XSS Presentation
<http://www.disenchant.ch/blog/big-xss-presentation/127>
(by Disenchant <http://www.disenchant.ch/blog/feed>)

On the 26. March this year, I gave a quite special guest lecture. I was
teaching students at the Bern University of Applied Sciences Engineering and
Information Technology which are all studying the same as me (computer
science) but they are nearly ...

 

May 1 - Front Range web application security summit in Denver
<http://blogs.msdn.com/akshay_aggarwal/archive/2008/05/01/front-range-web-application-security-summit-in-denver.aspx>
(by Akshay Aggarwal <http://blogs.msdn.com/akshay_aggarwal/rss.xml>)

I will be speaking at the Front Range OWASP Conference (FROCo8) in Denver on
June 10th. The focus of the conference is to share the experiences that the
speakers had around solving technical and management issues surrounding
application security. I'll ...

 

May 1 - Inauguration of *OWASP* Sweden
<http://comments-on-security.blogspot.com/2008/05/inauguration-of-owasp-sweden.html>
(by Security blog
<http://blogsearch.google.com/blogsearch_feeds?hl=en&client=news&q=owasp&ie=utf-8&num=10&output=atom>)

Sweden have gotten a local chapter of *OWASP*, the worldwide free and open
community focused on improving the security of application software. On
Tuesday the 1st of April 2008 a seminar was scheduled to become the kick-off
to startup *...*

 

May 1 - Older Browsers Blocked By PayPal
<http://ha.ckers.org/blog/20080501/older-browsers-blocked-by-paypal/>
(by RSnake <http://ha.ckers.org/blog/feed/>)

This news is coming in a little late but I thought it was worth talking
about. PayPal apparently is going to start blocking older browsers that it
deems as a security risk to its own users. Pretty funny in a way -
consumers can’t protect themselves ...

 

May 1 - Success story of the OWASP Day II in Italy
<http://securesoftware.blogspot.com/2008/05/success-story-of-owasp-day-ii-here-in.html>
(by trustedconsultant <http://feeds.feedburner.com/blogspot/nlgZ>)

I participated to OWASP Italy back in March. OWASP Italy was a success
story: more than 200 attendees, 9 great speakers, 5 sponsors, 1 round table
and an article (in Italian) here: ...

 

May 1 - SDL and the OWASP Top Ten
<http://blogs.msdn.com/sdl/archive/2008/05/01/sdl-and-the-owasp-top-ten.aspx>
(by sdl <http://blogs.msdn.com/sdl/rss.xml>)

Hi everyone, Bryan here. I’m speaking at BlueHat today and tomorrow about
some of my experiences as a new Security PM here at Microsoft. I’d like to
take this week’s blog entry to share some of my presentation with those of
you that can’t make it in ...

 

Apr 30 - WAFs, Crappy Code, and PCI 6.6
<http://www.neohaxor.org/2008/04/30/wafs-crappy-code-and-pci-66/>
(by Nathan <http://www.neohaxor.org/feed/>)

I have had plenty of interesting conversations with people on this topic.
Everyone seems to have a different opinion. There has been quite a bit of
discussion around web application firewalls (WAFs) with the PCI DSS 6.6
requirement looming. I am glad ...

 

Apr 28 - Why application security is crucial - IT-Director.com
<http://news.google.com/news/url?sa=T&ct=us/0-0&fd=R&url=http://www.it-director.com/business/paper.php%3Fpaper%3D567&cid=1155158927&ei=o8oYSM-INpG2lgS2oOjZCw&usg=AFrqEzezSZLgf1cXlJqHHMRvTxZnbeGCLQ>
(by undefined
<http://news.google.com/news?svnum=10&as_scoring=r&ie=UTF-8&oe=utf8&hl=en&q=%22application+security%22+OR+%22software+security%22&output=rss>)

Why *application security* is crucial IT-Director.com - Apr 28, 2008 Data
protection is the key driver behind *application security* for the vast
majority. 82% of respondents cite compliance with data protection
regulations as *...* 

 

 

Alison McNamee

OWASP Operations Director

9175 Guilford Road

Suite 300

Columbia, MD 21046

301-575-0197 (phone)

301-604-8033 (fax)

 

 

 

 

 
