Wednesday, June 17, 2009

OWASP Podcast #26 - April News part 2

I just pushed OWASP Podcast #26 live. We had Tom Brennan (White Hat Security), Alex Smolen (Foundstone), Jeff Williams (Aspect) and Andre Gironda (The "House" of AppSec) on the show - a very mixed group with different perspectives.

Download options and show notes are here or just grab the mp3

PS : We discussed the following articles:
4/16 Gary McGraw uses statistics to show that Software (Application) Security has come of age
Michael Sutton discusses history of XSS from Defcon 10 (2002) to the present day (Twitter worm)
Jeremiah uses McDonalds and Mortons as comparatives for black-box vs. white-box security testing
OWASP Catalyst announced
Paco lists 5 reasons for software certifications
Rohit Sethi of SecurityCompass posts a blog post on a new Security Compass Labs blog about "Security Analysis of Core Java Enterprise Patterns"
mario heiderich posts some results of browser fuzzing on extraneous characters in tags
The Plynt blog asks the question, "How frequently shoud Applications be Tested?"
Wendel Guglielmetti Henrique from Trustwave and Sandro Gauchi of EnableSecurity spoke at TROOPERS09 in Munch about "The Truth of Web Application Firewalls: what the vendors do NOT want you to know"
Ryan Barnett gives guidance on how best to make VA+WAF work together
Ed Bellis and Trey Ford start a PCI effort to ensure their activities uniformly meet PCI requirements, and for those getting started - to aid in building a website security strategy that also ensures sustainable PCI compliance.

No comments: