I just pushed OWASP Podcast #26 live. We had Tom Brennan (White Hat Security), Alex Smolen (Foundstone), Jeff Williams (Aspect) and Andre Gironda (The "House" of AppSec) on the show - a very mixed group with different perspectives.
PS: We discussed the following articles:
- 4/16 http://www.informit.com/articles/article.aspx?p=1338343 and http://www.cigital.com/justiceleague/2009/04/16/software-security-2008/ : Gary McGraw uses statistics to show that Software (Application) Security has come of age
- 4/17 http://research.zscaler.com/2009/04/we-used-to-laugh-at-xss.html : Michael Sutton discusses the history of XSS from Defcon 10 (2002) to the present day (Twitter worm)
- 4/17 http://jeremiahgrossman.blogspot.com/2009/04/software-security-grew-to-nearly-500m.html : Jeremiah uses McDonalds and Mortons as comparatives for black-box vs. white-box security testing
- 4/17 http://jeremiahgrossman.blogspot.com/2009/04/website-threats-and-their-capabilities.html : OWASP Catalyst announced
- 4/20 http://paco.to/?p=305 : Paco lists 5 reasons for software certifications
- 4/20 http://labs.securitycompass.com/index.php/2009/04/20/security-analysis-of-core-j2ee-design-patterns/ : Rohit Sethi of Security Compass posts on the new Security Compass Labs blog about "Security Analysis of Core Java Enterprise Patterns"
- 4/21 http://docs.google.com/Doc?id=dd7x5smw_16hdd34ggz : Mario Heiderich posts some results of browser fuzzing on extraneous characters in tags
- 4/22 http://plynt.com/blog/2009/04/how-frequently-should-an-appli/ : The Plynt blog asks the question, "How frequently should Applications be Tested?"
- 4/24 http://www.troopers09.org/content/e3/e445/index_eng.html : Wendel Guglielmetti Henrique from Trustwave and Sandro Gauci of EnableSecurity spoke at TROOPERS09 in Munich about "The Truth of Web Application Firewalls: what the vendors do NOT want you to know"
- 4/27 http://tacticalwebappsec.blogspot.com/2009/04/scanner-and-waf-data-sharing.html : Ryan Barnett gives guidance on how best to make VA+WAF work together
- 4/27 http://www.owasp.org/index.php/Category:OWASP_PCI_Project : Ed Bellis and Trey Ford start a PCI effort to ensure their activities uniformly meet PCI requirements and, for those getting started, to aid in building a website security strategy that also ensures sustainable PCI compliance.