[Owasp-netherlands] An update on OWASP activities
seba at owasp.org
Thu Nov 11 04:33:42 EST 2010
OWASP update: we had a LOT of activities on OWASP projects lately.
If you want to get involved: just volunteer to Paulo or the project leader!
More updates at OWASP BeNeLux 2010: register at www.owaspbenelux.eu.
*A. RELEASES’ ASSESSMENTS AND NEW LEADERSHIPS*
*1* *OWASP ModSecurity CRS Project, led by Ryan Barnett,* has been
under intense work development and has produced recently various releases.
Its version ModSecurity2.0.6 has been reviewed and assessed and was
consequently rated Stable Quality Release.
*2* In record time the *OWASP Secure Coding Practices - Quick
Reference Guide, led by Keith Turpin,* has had its third release assessed
and consequently rated as Stable Quality.
*3* The *OWASP AppSensor Project*, *led by Michael Coates*, has
important developments (new tool) and is currently under review targeting a
Stable Release rating.
*4* The *OWASP O2 Platform, led by Dinis Cruz,* has important
developments (new release) and is currently under review targeting a
Stable Release rating.
*5* The *OWASP Development Guide* has new project leaders. *Vishal
Garg* and *Anurag Agarwal* are currently assuming the role previously
performed by *Andrew van der Stock*.
*6* The *OWASP JBroFuzz Project* has new leadership. *Yiannis
Pavlosoglou* has been replaced by *Ranulf Green*.
*7* The *OWASP Enterprise Application Security Project* has been
recently adopted by Alexander Polyakov.
*8* The *OWASP CTF Project* has a new leader. Martin Knobloch has
been replaced by Steven van der Baan.
*B. PROJECTS RECENTLY SET UP (LAST FOUR MONTHS)*
*1* *OWASP College Chapters Program*, led by Jeff Williams.
This initiative will help to extend application security into colleges and
*2* *OWASP Alchemist Project*, co-led by Bishan Singh, Chandrakanth
Narreddy and Naveen Rudrappa.
This project enables a software development team in realization of highly
secure and defensible application with built-in defences/controls against
security‐related design, coding and implementation flaws.
*3* *OWASP Browser Security Project, created by initiative of Dave
Wichers & Michael Coates.*
This project still has no clear leadership but the main effort has been made
by the above referred.
*4* *OWASP Uniform Reporting Guidelines, led by Vlad Gostomelsky.*
This project will complement the OWASP Testing Guide as well as the OWASP
RFP Template. This is going to be a reporting template for vulnerability
findings which will be free, based on industry best practices and hopefully
will become the de facto standard.
*5* *OWASP Zed Attack Proxy Project, led by Psiinon.*
This project provides an easy to use integrated penetration testing tool for
testing web applications and provides automated scanners as well as a set of
tools that allow you to find security vulnerabilities manually.
*6* *OWASP Secure Web Application Framework Manifesto*, led by Rohit
This project is a document detailing a specific set of security requirements
for developers of web application frameworks to adhere to.
*7* *OWASP Mobile Security Project*, led by Jack Mannino and Mike
The OWASP Mobile Security Project will help the community better understand
the risks present in mobile applications, and learn to defend against them.
*8* *OWASP Application Security Skills Assessment*, led by Neil
This project (aka OWASP ASSA) is an online multiple-choice quiz built to
help individuals understand their strengths and weaknesses in specific
application security skills.
*9* *OWASP Fiddler Addons for Security Testing Project*, led by
This project (aka OWASP FAST) is the umbrella for two complementary projects
i.e. the *Watcher Project,* a passive vulnerability scanner, and the *X5s
Project*, an active XSS testing and input/output encoding detection.
*D. PROJECTS TO BE SOON SET UP*
*1* OWASP *ESAPI Objective C*
*2* OWASP *PASSWD*
*3* OWASP *Eclipse plug-in*
*4* OWASP *Open-sourcing JXT*
*5* OWASP *A10-Unvalidated Forwards*
*D. PROJECTS TO BE SOON RESET UP*
*1* All the Cross-Site Request Forgery (*CSRF*) related contents.
*E. OTHER NEWS*
*1* Three major *OWASP Guides – Development, Testing and Code Review* –
are being pushed by their leaders and contributors to reasonably soon
publish a new release. Each of them has been funded with 5,000 dollars.