New OWASP projects
Posted by cdupuis on Saturday, 11 May 2013 @ 20:23:07 CEST (1155 reads)
NEW OWASP PROJECTS
OWASP Web Application Security Quick Reference Guide Project - Project Leader: Marek Zmyslowski - This will be a simple checklist for Web Applications. The unique feature of this project is that all checks will be simple and can be verified by a particular test case. It is simple but can be very informative and useful for testers and coders.
OWASP Application Fuzzing Framework Project - Project Leader: Marek Zmyslowski. The framework will be used to fuzz applications in the Windows environment. It will have a couple of modules. The two main modules will be for file fuzzing and DLL fuzzing. A very wide configuration will allow for many fuzzing possibilities.
OWASP Security JDIs Project - Project Leader: Edwin Aldridge. This project aims to build a library of concise, actionable, technology-specific instructions detailing good practice on avoiding or closing specific vulnerabilities. These will be Security HOWTOs for people who may not have time to study a problem in depth but need to secure their application.
OWASP Top 10 Fuer Entwickler - Project Leader: Torsten Gigler. The Top 10 Fuer Entwickler (Top 10 Developer Edition in German). The objective of the project is to add Good Practices (like the Cheat Sheets) to the OWASP Top 10. Its aim is to bridge the gap between awareness and theoretical knowledge, to effective know-how for the purpose of building good programs. It is written in German to make it easier for German developers to use it. We will take care to make a migration to other languages easy.
OWASP Rails Goat Project - Project Leader: Ken Johnson. This is a Rails application which is vulnerable to the OWASP Top 10. It is intended to show how each of these categories of vulnerabilities can manifest itself in a Rails-specific way, as well as to provide the subsequent mitigations for each.
OWASP Code Review Table of Contents is now live!
We are currently still recruiting authors that can assist with section development, writing, and editing of the Code Review Guide. This is an excellent opportunity to work on a high-profile OWASP Flagship project. Applicants are encouraged to choose to contribute to either a section or the entire chapter. Authors should be knowledgeable about the sections they choose. For more information on the OWASP Code Review Guide, please visit the Project Webpage.
OWASP Zed Attack Proxy 2.0.0 Released
Posted by cdupuis on Thursday, 31 January 2013 @ 05:45:24 CET (1185 reads)
The OWASP Zed Attack Proxy (ZAP) is an easy-to-use integrated application.
It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing, as well as being a useful addition to an experienced pen tester's toolbox.
OWASP ZAP 2.0.0 is now available: http://code.google.com/p/zaproxy/downloads/list
Quick summary of the main changes:
* An integrated add-ons marketplace
* A replacement for the 'standard' Spider
* A new 'Ajax' spider
* Web Socket support
* Session awareness
* Quick Start tab
* User defined Contexts
* Session scope
* Different modes
* A scripting console
* Authentication handling
* More API support
* Fine grained scanning controls
* New and improved active and passive scanning rules
For more details see the OWASP Blog post:
Many thanks to everyone who has contributed code, language files, enhancement requests, bug reports and general feedback.
OWASP ZAP Project leader
OWASP Connector January 22, 2013
Posted by cdupuis on Tuesday, 22 January 2013 @ 18:39:00 CET (1062 reads)
New Projects and Project Volunteer Opportunities
Volunteer Opportunities - Complete information and sign up are on the OWASP initiatives page
- OWASP Crowdtesting - This project will try to promote the idea of crowd-testing combined with crowd-sourcing capabilities. The web applications will be defined as projects and the team of testers will start the security testing. Read more ...
- OWASP Java HTML Sanitizer Project - we need 2-4 people to help review the OWASP Java HTML Sanitizer documentation project.
- OWASP GSD Project Support - this project is in need of a project support volunteer to help with project administrative duties.
- OWASP Mobile Project Assistance - this project is looking for a "project" manager who can help keep track of the many facets of this project
AppSec USA 2013 (www.appsecusa.com), the premier software security conference for Builders, Breakers, and Defenders, will be held November 18-21 at the Marriott Marquis in Times Square, New York City. Now in its ninth year, AppSec USA brings together leading global experts in software security for four days of discussion, training, exhibition, and competition.
The 2013 LATAM tour has been scheduled for this Spring! This year's tour will include OWASP Day events and training in the following countries:
Argentina, Uruguay, Chile, Peru, Ecuador, Colombia, Venezuela, Costa Rica, Puerto Rico, Brasilia, Sao Paulo, Curitiba, and Florianopolis!
Five Reasons to Attend AppSec USA 2013
1. Insightful keynote addresses delivered by leading industry visionaries from thought leaders of critical infrastructure.
2. Over 50 sessions across 4 tracks (Builder/Breaker/Defender) with world-renowned subject matter experts
3. Over 2000 attendees exclusively focused on Software Security
4. 30-minute, 60-minute, and 90-minute sessions are offered so you can acquire more knowledge and maximize your Conference learning experience
5. Convenience of Midtown Manhattan
The initial 2013 Global Webinars were held January 10th, 2013. If you were not able to attend, the recordings are available online.
The next webinars will be this Thursday, January 24th at 10am EST and 9pm EST. This session will focus on projects. We are hoping that ALL project leaders (past, present, or future) will be able to join.
- To participate in the 10am (Eastern Time Zone) discussion:
- To participate in the 9pm (Eastern Time Zone) discussion:
OWASP Partners with National Collegiate Cyber Security Competition
The National Collegiate Cyber Defense Competition
The Collegiate Cyber Defense Competition (CCDC) is the first competition system that focuses on the operational aspect of managing and protecting an existing “commercial” network infrastructure. CCDC allows teams of undergraduate and graduate students at universities across the United States to exercise their academic and technical education and compete in a business oriented, defense information assurance competition. CCDC is a tiered competition with qualifying and regional events leading to a national championship.
CCDC Competitions ask student teams to assume administrative and protective duties for an existing “commercial” network – typically a small company with 50+ users, 10-12 servers, and common internet services such as a web server, mail server, and an e-commerce site. Each team begins the competition with an identical set of hardware and software and is scored on their ability to detect and respond to outside threats, maintain availability of existing services, respond to business requests such as the creation of a new e-commerce site, and balance security best practices against business needs. 2013 qualifiers kick off in February, with the regional competitions taking place in March, and our National CCDC will be held April 19-21, 2013 in San Antonio, TX. More information can be found at http://nccdc.org
OWASP Long Island Meeting - A hands-on demo of the top web application risks
Posted by cdupuis on Wednesday, 18 January 2012 @ 09:41:46 CET (1791 reads)
OWASP Meeting - A hands-on demo of the top web application risks - Thursday, February 16, 2011
Adelphi University, Garden City, New York
You are invited to the OWASP Long Island chapter meeting. In a continuation of the previous meeting, we have once again organized a lab to demonstrate and discuss various OWASP Top 10 vulnerabilities. Please register by using the link below...
When: Thursday, February 16, 2011; 7:00pm - 9:30pm
IT conference room in the lower level of Hagedorn Hall of Enterprise (Building HHE on Map upper right)
Adelphi University, Garden City, NY 11549-1000.
Google map. Campus Map
Once at the building, enter the building from the North, go down the stairs, and knock on the door to be let in.
How Much: Free. Pizza and beverages will be provided. This event is supported 100% by OWASP Long Island volunteers. RSVP required:
This chapter meeting has been organized to be a lab; as a result, space is limited in the room to a maximum of 18 people.
Who Are We: We are volunteers of OWASP, a worldwide charitable organization focused on improving the security of application software. Everyone is free to participate in OWASP and all of our materials are available under a free and open software license.
Meeting Agenda: Dr. Kees Leune - Lab utilizing some of the OWASP Top 10 vulnerabilities with BackTrack 5.
Topics: Overview of BackTrack; overview of some tools on BackTrack (nmap, John the Ripper, Metasploit); overview of the lab challenge (covers multiple OWASP Top 10 vulns).
Bring your own laptop: Laptops are needed if you wish to participate in the lab exercise. Each participant will be provided a copy of BackTrack 5 R1; laptops should be capable of booting off a DVD. Cables, power strips, etc. will be provided, but make sure you have your own power adapter.
About the Speaker:
Dr. Kees Leune is an Information Security Officer, Strategist, Professor, Mentor, Adviser, Consultant, Speaker and occasional open source developer.
He blogs at http://www.leune.org and can be found on Twitter as @leune.
Kees has extensive experience in information security and holds several professional certifications, including the CISSP, GCIH, GCFA, CISM, and CISA.
To view past meetings, go to https://www.owasp.org/index.php/Long_Island or click here.
To subscribe to the chapter mailing list, go to https://lists.owasp.org/mailman/listinfo/owasp-longisland or click here.
Your email address will be used for OWASP related notifications only. We will not share it with any third party.
You can cancel your subscription anytime you want.
Owasp-LongIsland mailing list
Helen Gao, CISSP
Chapter leader of OWASP
Securitybyte & OWASP AppSec Asia Conference
Posted by cdupuis on Sunday, 12 September 2010 @ 20:26:35 CEST (2842 reads)
Securitybyte & OWASP AppSec Asia Conference is a forum where Ethical Hackers, Practitioners, Researchers, and Developers in the Information Security field gather to showcase and exchange new research, innovations, practical ideas and experiences. If you are developing, researching, or implementing practical solutions to protect Corporate or Government Information Infrastructures, please consider sharing your experience and expertise at this conference.
First round of CFP submission is July 30th, 2009.
Send your interest and submissions to email@example.com
For any Speaking query, please contact us at firstname.lastname@example.org
We are seeking submissions for both the two-day Conference Track and the post-conference two-day Training Workshops in the following areas:
Conference Tracks (17 – 18 Nov, 2009)
You can submit your response for any of the following three conference tracks:
* CT 1 - Application, Database & Web Security
* CT 2 - Infrastructure Security (Network / Wireless/ Bluetooth / Malware / Forensics / Cyber- terrorism / Physical Security / Information warfare etc.)
* CT 3 - Risk Management / Compliance
Sessions will have to be delivered in one of the following session formats for Conference talks:
* Coldfire Sessions (60 Minutes): These sessions are primarily core technical talks and will cover the following categories:
o Zer0 Days / Original Security Research
o Application and Database Security (All Technologies)
o Cyber Terrorism / Critical Infrastructure Issues
o Incident Response and Defeating Incident Response
o Electronic Device Security (Cell Phones / PDAs etc.)
o Infrastructure Security (Wireless, Bluetooth, OS, Device etc)
o Browser Security
o Regulations (PCI, SoX 404, Clause 49 , ISO etc.)
* Rapidfire Sessions (30 Minutes): These sessions are focused around Information Security Management issues that will be addressed through:
o Business Case
o Panel Talk / Open Discussion with more than one speaker
o Up to speed (Old attack vector, new attack technique)
Please provide the following details with your submission:
* Name, title, address, email and phone/contact number
* Session Track (Developer / Application Security or Infrastructure Security or Risk Management)
* Session Format (Coldfire or Rapidfire)
* Short biography, photo, qualification, occupation, achievement and affiliations (limit 250 words).
* Summary or abstract for your presentation (limit 1250 words)
* Technical requirements (video, internet, wireless, audio, etc.)
* References (Contact name, title, email address of two conferences you have spoken at or comparable references)
OSWA-Assistant v0.9.0.6h released
Posted by cdupuis on Sunday, 06 December 2009 @ 09:20:37 CET (2908 reads)
Anonymous writes "
The OSWA-Assistant v0.9.0.6h is now available for download.
This is a maintenance release with more Ralink cards supported (due to changes in vendor IDs reported by certified OSWAs and others) and upgraded tool versions. More important is an expanded network-setup/script menu section that allows you to do operational stuff more easily, e.g. changing your Atheros card headers from Prism2 to Radiotap, etc.
You can download the free LiveCD iso image at http://oswa-assistant.securitystartshere.org
NOTE: LiveUSB creation information is also available from the download page
ANNOUNCING THE NEW "OWASP TESTING GUIDE v3"
Posted by cdupuis on Wednesday, 24 December 2008 @ 09:01:01 CET (2577 reads)
Anonymous writes "
OWASP is announcing the new OWASP Testing Guide v3. The project, as part of the OWASP Summer of Code, started in April 2008 reviewing version 2 and improving it.
The OWASP Testing Guide v3 is a 349-page book; we have split the set of active tests into 9 sub-categories for a total of 66 controls to test during the Web Application Testing activity.
Each control has an OWASP name, so for example SQL Injection is called OWASP-DV-005, meaning that it is the 5th control of the Data
We got a dream team of 21 authors and 4 reviewers: after 6 months of hard work and great teamwork we realized v3.
We'd like to ask you to support OWASP to reach the following goals:
*** Continuously improve the guide.
The Guide is a "live" document: we always need your feedback!
Please join our testing mailing list and share your ideas:
*** Promote the Testing Guide.
We would like to have some more media coverage on the guide, so please, if you know somebody in there, put them in touch.
If you have the chance, you can write an article about the Testing Guide and the new OWASP Projects.
Also you can pick up the OWASP Testing Guide presentations and talk about it in local conferences and Chapter meetings.
*** Add 'quotes' to the Guide.
We made a special 'quotes' page for the Testing Guide.
Here we'd want to add all the comments and references to the Guide.
The OWASP Testing Guide includes a "best practice" penetration testing framework which users can implement in their own organizations and a "low level" penetration testing guide that describes techniques for testing the most common web application and web service security issues.
Download the Guide Now:
View the Presentation at the OWASP Summit 08:
Join the Project Mailing List:
OWASP-Italy Chair, CISSP, CISA
OWASP Testing Guide lead
OWASP Hartford: February 2009 (Open Web Application Security Project)
Posted by cdupuis on Tuesday, 09 December 2008 @ 08:34:39 CET (28801 reads)
The Open Web Application Security Project (OWASP) is a worldwide free and open community focused on improving the security of application software.
Our mission is to make application security "visible," so that people and organizations can make informed decisions about application security risks.
Everyone is free to participate in OWASP and all of our materials are available under a free and open software license.
This event will be of special interest to software developers and architects within your organization. We will be featuring Ramesh Nagappan of Sun, who is the author of several best-selling books on SOA and, most recently, the book Core Security Patterns.
We will also have Mary Ruddy of Project Higgins who will provide guidance on incorporating identity into enterprise applications.
The agenda for this meeting is posted at:
To receive future invites, please subscribe to our mailing list at:
NASSCOM's Biggest Information Security Summit - Supported by OWASP India
Posted by cdupuis on Monday, 01 December 2008 @ 22:07:51 CET (2934 reads)
I just wanted to bring it to your kind notice that the biggest information security summit is being organized by NASSCOM in Hyderabad, India on December 2nd-3rd, 2008.
The summit features some of the top-notch information security experts, who will be addressing some really painful areas in the security domain. Bruce Schneier will address the keynote session to give insight on how to bring real sense into security management practices under the theme “Information Security: Ten Trends”.
Detailed information about the summit is available here:
NOTE: Registrations are closing very soon. To register for this summit, kindly contact email@example.com.
You can submit your registration fee (in the form of cheque/DD in favour of NASSCOM) at the venue as well (Not Paid Registration Counter).
OWASP INDIA is proud to support this initiative and we look forward to seeing you at the event.
Chair – OWASP India Conferences
Board Member – OWASP Global Conferences
Director – OWASP Delhi Chapter
OWASP AppSec 2008 Conference
Posted by boss on Thursday, 03 July 2008 @ 08:52:10 CEST (14738 reads)
Lou writes "You're invited to two days of Seminars and hardcore hands-on training from the world's best application security technology minds at the upcoming OWASP USA, NYC AppSec 2008 Conference that will take place on September 22nd-25th in NYC.
This event will be the largest AppSec-focused conference in the world, with capacity for 1000 attendees and speakers and trainers from around the world.
This event will also have a web application capture-the-flag event, a “can you hack it” event with fame and fortune... hmmm.. ok maybe just prizes and cold beer, but you'll have fun ;)
OWASP NY/NJ Metro Chapter and the W3AF Application testing tool
Posted by boss on Thursday, 31 January 2008 @ 21:53:25 CET (8858 reads)
cdupuis writes "NOTE FROM CLEMENT:
This is a repost from the NY/NJ OWASP Chapter mailing list. Thanks for the info Tom it is really appreciated. By the way, do get ready for a great OWASP conference in NY next summer. Here is the posting:
OWASP is all about the promotion of FREE tools to help with the mission of finding and fixing security in code.
I wanted to make the OWASP NY/NJ Metro chapter aware, as a result of some successful testing and exploiting of Web Applications last week, of a new tool known as W3AF.
The Web Application Attack and Audit Framework (W3AF) was written by Andres Riancho, who has also accepted a speaker slot at OWASP NYC 2008.
For more information on this FREE web application scanner/exploiter visit: http://w3af.sourceforge.net/faq.php
This tool runs on Linux as well as Windows (http://fuzion.rootmybox.org/?p=13) and OS X, and it's FREE.
Tom Brennan OWASP - www.owasp.org "
NY/NJ Metro OWASP meeting
Posted by boss on Wednesday, 11 July 2007 @ 19:38:59 CEST (2600 reads)
Anonymous writes "*SAVE THE DATE - RSVP EARLY!*
NY/NJ Metro OWASP next meeting will be at the *American Stock Exchange* in NYC on Sept. 27th from 6pm-9pm
** SPECIAL THANK YOU to - Douglas Shin of AMEX **
Call for papers is now open - if you have a technical topic that provides new insight, education or research that can benefit the membership of OWASP http://www.owasp.org , submit now! The call for papers will CLOSE as of Aug 15th for this meeting - get them in now.
Visit http://www.owasp.org/index.php/NYNJMetro for details as they are updated.
======== BLACKHAT VEGAS 2007 REMINDER ==============
OWASP and WASC have joined together to host a combined meetup at Blackhat USA 2007 <http://www.blackhat.com/> in Las Vegas on Aug 1 from 8-9:30 at the Shadow Bar. Breach Security <http://www.breach.com/> has stepped forward to sponsor the event.
Enjoy the summer ~ see ya in vegas?
Tom Brennan aka: "jinxpuppy""
ANNOUNCING THE OWASP TESTING GUIDE
Posted by boss on Thursday, 22 February 2007 @ 13:05:22 CET (2439 reads)
cdupuis writes "The OWASP Testing Guide includes a "best practice" penetration testing framework which users can implement in their own organizations and a "low level" penetration testing guide that describes techniques for testing most common web application and web service security issues.
Download the Guide Now:
- http://www.owasp.org/index.php/OWASP_Testing_Project (PDF and DOC)
View the Project Overview Slides:
- http://www.owasp.org/index.php/Image:OWASP_Testing_Guide_Presentation.zip
Join the Project Mailing List:
I would like to thank you all for the great effort in creating the new OWASP Testing Guide v2. The new version is a complete rewrite that subsumes the previous version and includes the "OWASP Web Application Penetration Checklist", Version 1.1 dated 2004.
The project, as part of the OWASP Autumn of Code, started on October 1st 2006 reviewing all the old documentation. The first month we made a call to action to collect all the best security experts on application security asking them to collaborate in writing the Testing Guide.
We set up a 'dream team' of 39 authors and 20 reviewers: after 3 months of hard work and great team work we realized the v2 Release Candidate 1 (RC1) by the 10th of January 2007. From that date to the 10th of February we received numerous great comments: more than 20 articles have been reviewed.
On the 10th of February we published the official version 2: a 272-page high-quality document, with 46 controls divided into 8 categories.
We need help to...
*** Continuously Improve the Guide.
The Guide is a "live" document: we always need your feedback! Please join our testing mailing list and share your ideas with us. The next step is to begin working on the new version: one issue that will be improved is the client side testing.
*** Promote the Testing Guide
We would like to have some more media coverage on the guide, so please, if you know somebody in there, put them in touch. If you have the chance, you can write an article about the Testing Guide and the new OWASP Projects. Also you can pick up the OWASP Testing Guide presentations and talk about it in local conferences and Chapter meetings.
*** Translate the Guide into your Local Language.
If you'd like to translate the Testing Guide into your local language, please contact us.
*** Add 'Quotes' to the Guide.
If you've used the guide and can share your experience, we'd love to hear from you. You can add your quote to the OWASP wiki here:
OWASP-Italy Chair, CISSP, CISA
OWASP Testing Guide lead
OWASP Newsletter #1
Posted by boss on Monday, 08 January 2007 @ 19:42:21 CET (2380 reads)
cdupuis writes "Hello, please find below the 1st OWASP newsletter (also posted in the wiki at https://www.owasp.org/index.php/OWASP_Newsletter_1).
The idea is to send a newsletter every 1 to 2 weeks, and if you want to include some materials or links in the next one, you have 4 options:
Thanks Aaron for the work done in getting this newsletter together, and as always everybody is invited to comment and help.
Chief OWASP Evangelist, Are you a member yet?
New Version of OWASP Pantera Web Assessment Studio
Posted by boss on Thursday, 30 November 2006 @ 17:42:45 CET (28754 reads)
cdupuis writes "Sender's Name: Simon Roses Femerling
Sender's Email: firstname.lastname@example.org
Message: We are happy to announce the new release of Pantera version 0.1.2 with many improvements and fixes :)
- Pantera Site
. Too many, so we recommend you read the CHANGELOG file :)
Keep in mind Pantera is beta and needs a lot of testing. We are really working hard on making Pantera a valuable tool, so we need your help!!
Thanks to the contributors!!
Simon Roses Femerling