SEARCH RESULTS
 
Showing 1-10 of 31 records
 
OWASP Day/Week - September 6th

2007-08-28 20:45:00 by Security Retentive in Security Retentive
 
Get in on the fun. OWASP Day: Day of Worldwide OWASP 1 day conferences on the topic "Privacy in the 21st Century": Thursday 6th Sep 2007 https://www.owasp.org/index.php/OWASP Day I'll be at the San Jose meeting, it should be interesting https://www.owasp.org/index.php/San Jose
 
 
 
 
 
Thoughts on OWASP Day San Jose/San Francisco

2007-09-11 08:39:00 by Security Retentive in Security Retentive
 
...OWASP day at the eBay campus. Details on the program are at: https://www.owasp.org/index.php/San Jose The turnout was great, somewhere between 40 and 50 people, I didn't get an exact count. There were two sessions for the evening: A talk by Tom Stracener of Cenzic on XSS; A panel discussion on Privacy with a pretty broad group of security...
 
 
 
 
 
SDL and the OWASP Top Ten

2008-05-01 15:46:00 by sdl in The Security Development Lifecycle
 
...OWASP considers to be the Top Ten list of the most important web application security issues: 1. Cross-Site Scripting 2. Injection Flaws 3. Malicious File Execution 4. Insecure Direct Object Reference 5. Cross Site Request Forgery 6. Information Leakage and Improper Error Handling 7. Broken Authentication and Session Management 8. Insecure...
 
 
 
 
 
OWASP Talk Q&A Notes

2008-07-11 15:36:26 by Gunnar Peterson in 1 Raindrop
...OWASP. The talk was ok, but not as good as at RSA because I Brian Chess did a better job with some of the stories than me. What was really good though was a number of questions and answers afterwards. One person asked the old chestnut - "do we need to care about web services security if we are inside the firewall?" Now, I have heard this...
 
 
 
 
 
Sun in Microsoft's Rearview Mirror on Software Security

2008-05-09 10:14:50 by Gunnar Peterson in 1 Raindrop
 
...OWASP chapter meetings. Hopefully for the next event, he can figure out how to bring down a dozen or so folks from Sun labs. After all, they probably understand the need for writing secure code more than the Microsoft crowd. This makes me wonder if Pat Patterson has ever attended OWASP meetings on his side of town. Would be great to see Sun...
 
 
 
 
 
Web 2.0 Security - The Beginning of the End or The End of the Beginning

2008-05-29 15:26:12 by Gunnar Peterson in 1 Raindrop
...OWASP guide, last I checked is over 300 pages long, when I train and consult with developers, I always ask how many are familiar with OWASP. Less than 20% are in my experience, and of those percentage most only know the OWASP Top Ten. If you have not read the guide and understood the concepts, it is really hard for me to see how your app is...
 
 
 
 
 
Show 021 - A Panel Discussion with Cigital's Principals

2007-12-21 20:40:32 by rmacmich in The Silver Bullet Security Podcast
...OWASP Top 10 for 2007 OWASP The Shmoo Group
 
 
 
 
 
Links for 2008-02-25 [del.icio.us]

2008-02-26 00:00:00 by Editor in Anton Chuvakin Blog -
 
...OWASP XML Security Gateway Evaluation Criteria Project Latest - OWASP Section 3 - Audit Logging 3.1 Describe the audit logging input and output options 3.2 Describe log analysis tools 3.3 Describe security event notification options 3.4 Where and how is logging integrated into XSG? 3.4.1 How are the logs secu Musings on Information Security...
 
 
 
 
 
Software Security Metrics and Commentary on "Metrics Framework" Paper

2007-09-17 20:41:00 by Security Retentive in Security Retentive
 
...OWASP top-10 as the basis for measure and comes up with metrics that will tell us how we're doing against it. The goal of metrics should be, where possible, to create objective measures of something. Whereas some of the metrics described in the paper are quite objective, others are more than a little fuzzy and I don't think represent...