[Owasp-cuiaba] Owasp-cuiaba Digest, volume 2, issue 2

Eleandro S.A eleandro at bsd.com.br
Tue May 1 20:06:09 UTC 2012


Very good, @Kembole, checking it out right now!!


Warm regards!



*Regards,

Eleandro Silva
*
2012/4/30 <owasp-cuiaba-request at lists.owasp.org>

> Today's Topics:
>
>   1. OWASP 2012 Online Competition (Kembolle Amilkar)
>   2. Owasp Guidance Libraries (Kembolle Amilkar)
>   3. Security System Analyzer - Open Standard  Vulnerability &
>      Compliance Scanner (Kembolle Amilkar)
>   4. Security Officers Management and Analysis Project (SOMAP.org)
>      (Kembolle Amilkar)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Mon, 30 Apr 2012 18:19:56 -0400
> From: Kembolle Amilkar <haxorcoding at gmail.com>
> To: owasp-cuiaba at lists.owasp.org
> Subject: [Owasp-cuiaba] OWASP 2012 Online Competition
> Message-ID:
>        <CAF0evROk6m9MgCsf-kX13+f0XgLGqbg+8LB+Qx6sz0UWQ=LGaQ at mail.gmail.com>
> Content-Type: text/plain; charset="iso-8859-1"
>
> Dear security experts,
>
> Hacking Lab is proud to announce the upcoming OWASP 2012 online hands-on
> competition on web security issues. The competition will start next
> Tuesday (May 1, 2012) and ends June 17, 2012. It is all about web
> security, including the Hackademics Greece challenges plus some advanced
> Hacking-Lab challenges. The winner will receive a free ticket to either the
> OWASP AppSec EU conference in Athens or AppSec USA.
>
> *Winner selection criteria
> a) how many points you receive (completeness)
> b) how complete your solutions are (quality)
> c) how fast you complete the challenges (time)
> d) creativity, unseen solutions factor, totó *
>
> The OWASP GEC (Global Education Committee) and Hacking-Lab have the
> right to choose the winner in case of identical a) to d) levels. OWASP
> teachers, Hacking-Lab volunteers and Compass Security Switzerland staff are
> not allowed to play. Sorry about that, folks.
>
> Check the overview of the upcoming "OWASP 2012 Online Competition" here
> * https://www.hacking-lab.com/events/
>
> Train your brain - explore Hacking-Lab with this free online security
> competition.
>
> Note: Google Translate, ignore the grammatical agreement errors!
> Kembolle Amilkar A.k.A O.liverkall  |  [ www.kembolle.com.br ]
> #/ Systems Analyst | Esp. Information Security | Computer Forensic Expert |
> CSO - Chief Security Officer
> #/  Mobile: [65] 9979-2925  && contato[at]kembolle.com.br
>
>
> ------------------------------
>
> Message: 2
> Date: Mon, 30 Apr 2012 18:42:29 -0400
> From: Kembolle Amilkar <kembolle at owasp.org>
> To: owasp-cuiaba at lists.owasp.org
> Subject: [Owasp-cuiaba] Owasp Guidance Libraries
> Message-ID:
>        <CACdBGOwYOFnpDBQ0tZuKBo34ktq+1NoxXpr185z8tWo0cBws=g at mail.gmail.com>
> Content-Type: text/plain; charset="iso-8859-1"
>
> Dear specialists! Good evening.
> - I would like to share with everyone material made available by Team Mentor.
> https://owasp.teammentor.net/html_pages/Gui/TeamMentor.html
>
> It contains several checklists and guides for carrying out penetration
> tests.
> In my view, a great reference for staying up to date, OWASP Top 10 -
> 2012 version! (:
> Happy Security!
>
> Kembolle Amilkar
> #/[ kembolle.com.br ] - Information Security Consulting.
> #/ [ samurayconsultoria.com.br ] - Chief Security Officer - Samuray
> Consultoria.
> #/ Systems Analyst | Esp. Information Security | Computer Forensic Expert |
> #/ Owasp Chapter Leader Cuiabá - https://www.owasp.org/index.php/Cuiaba
> #/ Mobile: [65] 9979-2925  && contato[at]kembolle.com.br.
>
> ------------------------------
>
> Message: 3
> Date: Mon, 30 Apr 2012 18:48:56 -0400
> From: Kembolle Amilkar <kembolle at owasp.org>
> To: owasp-cuiaba at lists.owasp.org
> Subject: [Owasp-cuiaba] Security System Analyzer - Open Standard
>        Vulnerability & Compliance Scanner
> Message-ID:
>        <CACdBGOyawmL0-g88Tv4Z_Vsx4AX7ikHmEKXkQOko7Oso9BtVrA at mail.gmail.com>
> Content-Type: text/plain; charset="iso-8859-1"
>
> SSA - Security System Analyzer 2.0
>
> SSA (Security System Analyzer) is a free non-intrusive OVAL, FDCC, XCCDF and
> SCAP scanner. It provides security testers and auditors with an advanced
> overview of the security policy level applied.
> Features
>
>   - Version of products installed using CPE enumeration (see
>   http://cpe.mitre.org).
>   - Identify vulnerabilities and discrepancies using the power of the OVAL
>   interpreter and its huge database of definitions (see
>   http://oval.mitre.org).
>   - Perform Compliance and Security Checks using the XCCDF - The
>   eXtensible Configuration Checklist Description Format (see
>   http://scap.nist.gov/specifications/xccdf/)
>   - Qualifying the vulnerabilities using CVSS v2.0 scoring system (see
>   http://www.first.org/cvss).
>   - And many new features.
>
> Screenshots
>
> <http://lh6.ggpht.com/_bJgatfqy1SQ/TPo1Fnfd3xI/AAAAAAAABCo/yLoi2HAytA0/s640/ssa1.png>
> <http://lh5.ggpht.com/_bJgatfqy1SQ/TPo1F3v3hCI/AAAAAAAABCs/Me7TlReW8vc/s640/ssa2.png>
> <http://lh6.ggpht.com/_bJgatfqy1SQ/TPo1F01MLTI/AAAAAAAABCw/7hR4aJJHRas/s640/ssa3.png>
>
> News
>
> December 2010 : Release of Beta 002
>
>   - Added the support of XCCDF 1.1.4 (
>   http://scap.nist.gov/specifications/xccdf/)
>   - Display Pass / Fail testcase
>   - Associate Testcase to CCE reference
>   - Added the following Policies and Baselines
>      1. FDCC/SCAP FISMA NIST 800-53 with 5 baselines ( IE7, WinXP,
>      WinVista, Vista Firewall, XP Firewall)
>      2. STIG/SCAP DISA with 2 baselines (Windows XP Security Checklist v6
>      r1.19 and Windows Vista Security Checklist v6 r1.19)
>      3. USGCB/SCAP USGCB with 2 baselines (IE8 and Windows 7 X86)
>   - Added export to CSV
>   - Added new directory for logs
>   - Added the ability to maximize Windows
>   - Added a new community page http://teambox.com/public/ssa-v2-beta
>   - Fixed many bugs
>
> November 2010 : Release of Beta 001
>
>   - New UI
>   - New Correlation engine
>   - Integrated XML parser
>   - Integrated HTML viewer
>   - Compliant to OVAL interpreter 5.8.2
>   - Load, verify and consume OVAL Compliance, Vulnerability and Inventory
>   definitions
>   - Enumerate findings (True states)
>   - Support of CVE and CPE (http://cve.mitre.org and http://cpe.mitre.org)
>   - List Results Stats (Global scanned definitions & True reported
>   definitions)
>   - View OVAL HTML results into UI
>
>
> Kembolle Amilkar
> #/[ kembolle.com.br ] - Information Security Consulting.
> #/ [ samurayconsultoria.com.br ] - Chief Security Officer - Samuray
> Consultoria.
> #/ Systems Analyst | Esp. Information Security | Computer Forensic Expert |
> #/ Owasp Chapter Leader Cuiabá - https://www.owasp.org/index.php/Cuiaba
> #/ Mobile: [65] 9979-2925  && contato[at]kembolle.com.br.
>
> ------------------------------
>
> Message: 4
> Date: Mon, 30 Apr 2012 18:56:25 -0400
> From: Kembolle Amilkar <kembolle at owasp.org>
> To: owasp-cuiaba at lists.owasp.org
> Subject: [Owasp-cuiaba] Security Officers Management and Analysis
>        Project (SOMAP.org)
> Message-ID:
>        <CACdBGOytqBAZhxfduxZkQjOy_chcEY=jo3DxuNjFK5PvfjQSrw at mail.gmail.com>
> Content-Type: text/plain; charset="iso-8859-1"
>
> Open Source IT Risk Management
>
> One of the main goals of the Security Officers Management and Analysis
> Project (SOMAP.org) is to develop and maintain Open Source Information
> Security Risk Management *documents*, *tools* and *utilities*.
>
> It is our strong belief that risk management processes and best practices
> need to be developed and published in an *open and free* kind of way.
> Information Security is *not a competitive issue* and only freely available
> and cooperatively developed risk management utilities and tools can
> potentially lead to a better security management and to further development
> of the whole IT risk management field.
>
> Our activities are concentrating on four sub-projects:
>
> The OGRCM3 project develops and documents a methodology on how to measure
> and manage risk.
>
> The ORIMOR contains a database model which is used as the basis for our own
> risk management framework and tool.
>
> The ORICO Framework and Tool are the (reference) implementation of our own
> maturity management methodology.
>
> OGRCM3
>
> The Open Governance, Risk and Compliance Maturity Management
> Methodology <http://somap.org/methodology/default.html> contains
> an overview of the risk and compliance management process and a
> description of *why and how* to manage risk.
>
> ORIMOR
>
> The Open Risk Model Repository <http://somap.org/repository/default.html>
> is actually three things in one:
>
>   - A central repository containing best practice details.
>   - A model how to store risk management data.
>   - An architecture to use a meta layer to store common type information.
>
> ORICO Framework & Tool
>
> The Open Risk & Compliance Framework and
> Tool <http://somap.org/orico/default.html> are
> two projects in one.
>
>   - The Framework builds the foundation for a risk management tool. It
>   implements all the building blocks like data abstraction and RAD tools
>   which can be used when developing a risk management tool.
>   - The Tool is the reference implementation of the OGRCM3. It makes heavy
>   use of the ORICO Framework and is developed as a desktop as well as a web
>   application
>
>
> Kembolle Amilkar
> #/[ kembolle.com.br ] - Information Security Consulting.
> #/ [ samurayconsultoria.com.br ] - Chief Security Officer - Samuray
> Consultoria.
> #/ Systems Analyst | Esp. Information Security | Computer Forensic Expert |
> #/ Owasp Chapter Leader Cuiabá - https://www.owasp.org/index.php/Cuiaba
> #/ Mobile: [65] 9979-2925  && contato[at]kembolle.com.br.
>
> ------------------------------
>
>