[Owasp-delhi] SOA SecurityOwasp-delhi Digest, Vol 22, Issue 15

Pankaj Mittal me at Pankajmittal.com
Tue May 19 20:58:23 EDT 2009


Hi, 

I am looking for some SOA security documents wrt ISO 270001 controls.

Any help, insight, links will be useful.

TIA... 
Pankaj

-----Original Message-----
From: owasp-delhi-bounces at lists.owasp.org
[mailto:owasp-delhi-bounces at lists.owasp.org] On Behalf Of
owasp-delhi-request at lists.owasp.org
Sent: Tuesday, May 19, 2009 9:30 PM
To: owasp-delhi at lists.owasp.org
Subject: [SPAM] Owasp-delhi Digest, Vol 22, Issue 15


Today's Topics:

   1. 200 Million Facebook Accounts Hacked! (Soi, Dhruv)
   2. FW: [Owasp-leaders] Draft NIST Special Publication 800-118
      Guide to Enterprise Password Management (Soi, Dhruv)


----------------------------------------------------------------------

Message: 1
Date: Tue, 19 May 2009 13:16:24 +0530
From: "Soi, Dhruv" <dhruv.soi at owasp.org>
Subject: [Owasp-delhi] 200 Million Facebook Accounts Hacked!
To: <owasp-delhi at lists.owasp.org>
Message-ID: <4a1263da.24035a0a.05e5.1f02 at mx.google.com>
Content-Type: text/plain; charset="us-ascii"

Phish the Fish:
http://www.techtree.com/India/News/200_Million_Facebook_Accounts_Hacked/551-102050-643.html

 

 

 

 


------------------------------

Message: 2
Date: Tue, 19 May 2009 18:43:16 +0530
From: "Soi, Dhruv" <dhruv.soi at owasp.org>
Subject: [Owasp-delhi] FW: [Owasp-leaders] Draft NIST Special Publication 800-118 Guide to Enterprise Password Management
To: <owasp-delhi at lists.owasp.org>
Message-ID: <4a12b075.27025a0a.659b.ffff82bd at mx.google.com>
Content-Type: text/plain;	charset="us-ascii"

Might be of your interest as well...

-----Original Message-----
From: owasp-leaders-bounces at lists.owasp.org
[mailto:owasp-leaders-bounces at lists.owasp.org] On Behalf Of Colin Watson
Sent: Tuesday, May 19, 2009 6:34 PM
To: owasp-leaders at lists.owasp.org; Global_industry_committee at lists.owasp.org
Subject: [Owasp-leaders] Draft NIST Special Publication 800-118 Guide to
Enterprise Password Management

Leaders

The Industry Committee is preparing an OWASP response to the NIST
draft Special Publication "800-118 Guide to Enterprise Password
Management":

  http://csrc.nist.gov/publications/drafts/800-118/draft-sp800-118.pdf

Contents:

  1. Introduction
     1.1 Authority
     1.2 Purpose and Scope
     1.3 Audience
     1.4 Guide Structure
  2. Introduction to Passwords and Password Management
  3. Mitigating Threats Against Passwords
     3.1 Password Capturing
       3.1.1 Storage
       3.1.2 Transmission
       3.1.3 User Knowledge and Behavior
     3.2 Password Guessing and Cracking
       3.2.1 Guessing
       3.2.2 Cracking
       3.2.3 Password Strength
       3.2.4 User Password Selection
       3.2.5 Local Administrator Password Selection
     3.3 Password Replacing
       3.3.1 Forgotten Password Recovery and Resets
       3.3.2 Access to Stored Account Information and Passwords
       3.3.3 Social Engineering
     3.4 Using Compromised Passwords
  4. Password Management Solutions
     4.1 Single Sign-On Technology
     4.2 Password Synchronization
     4.3 Local Password Management
     4.4 Comparison of Password Management Technologies

Appendix A- Device and Other Hardware Passwords
Appendix B- Glossary
Appendix C- Acronyms and Abbreviations

This is already a very comprehensive document, but we have drafted
some additional web application comments, mainly referencing the OWASP
Development Guide:

  http://www.owasp.org/index.php/Industry:Draft_NIST_SP_800-118

Please let me know any additional ideas, comments, changes via the
wiki (under "Draft 1 Comments"), by direct email or using the Industry
Committee mailing list:

  http://www.owasp.org/index.php/Global_Industry_Committee

Our deadline to submit to NIST is 29 May.

Regards

Colin Watson
Global Industry Committee