[Owasp-cincinnati] Follow up on Webgoat and Webscarab, Next OWASP Meeting Feb. 26th 7 PM

Marco M. Morana marco.m.morana at gmail.com
Tue Feb 12 06:53:04 EST 2008


Fellow OWASP Cincinnati chapter members

 

There has been a good follow up after the first OWASP chapter meeting. How
to use Webgoat proxy seems to have caught most of the attention.

I mentioned that OWASP recently published some free OWASP books under Lulu
and also a book about OWASP released tools: Webgoat and Webscarab
http://www.lulu.com/content/1416452

 

Using these tools is a great way to learn about web application
vulnerabilities. 

The current lesson plan for Webgoat has more than 50 vulnerability test
cases to learn. All basic common vulnerabilities are included such as XSS,
SQL injection, weak session management, broken authentication and
authorization. Web services vulnerabilities are also covered.

 

Moving forward to the next meeting, I will cover how to look for the root
causes of these vulnerabilities, that is, insecure source code.

The presentation will cover more in depth the contents of my recently
published article on in-secure magazine available here:

http://www.net-security.org/dl/insecure/INSECURE-Mag-15.pdf

 

Please mark your calendar for the next OWASP meeting: Tuesday February 26th,
2008, 6.45pm - 7:45pm Presentation start 7.00 pm

Consult the OWASP chapter web page for more details.

 

Hope to see you there. In the meantime, I hope you'll stay warm and dry ;-)

 

Marco Morana

OWASP Cincinnati Chapter Leader

http://www.owasp.org/index.php/Cincinnati

http://securesoftware.blogspot.com

 

P.S. If there is any particular sub-topic (e.g. a vulnerability, how it can be
found, tools, etc.) that you would like me to talk about, please drop me a note.
Thanks.
