[WEB SECURITY] OWASP Podcast #26
jim.manico at owasp.org
Wed Jun 17 19:17:44 EDT 2009
I just pushed OWASP Podcast #26 live. We had Tom Brennan (White Hat Security), Jeff Williams (Aspect), Alex Smolen (Foundstone), Andre Gironda (The "House" of AppSec) on the show - a very mixed group with different perspectives.
(If this podcast update is inappropriate here, it will be the last time I do this)
Download options and show notes are here http://www.owasp.org/index.php/Podcast_26 or just grab the mp3 http://www.owasp.org/download/jmanico/owasp_podcast_26.mp3
Thanks for listening!
OWASP Podcast Host
PS: We discussed the following articles on this show, featuring several WASC folks.
http://www.cigital.com/justiceleague/2009/04/16/software-security-2008/ Gary McGraw uses statistics to show that Software Security has come of age
Michael Sutton discusses history of XSS from Defcon 10 (2002) to the present day (Twitter worm)
Jeremiah uses McDonalds and Mortons as comparatives for black-box vs. white-box security testing
OWASP Catalyst announced
Paco lists 5 reasons for software certifications
Qualys, Inc., the leading provider of on demand IT security risk and compliance management solutions, today announced QualysGuard(R) PCI Connect which is the industry's first Software-as-a-Service (SaaS) ecosystem for PCI compliance connecting merchants to multiple partners and security solutions in order to document and meet all 12 requirements for PCI DSS
Rohit Sethi of SecurityCompass posts a blog post on a new Security Compass Labs blog about "Security Analysis of Core Java Enterprise Patterns"
Mario Heiderich posts some results of browser fuzzing on extraneous characters in tags
The Plynt blog asks the question, "How frequently should Applications be Tested?"
Wendel Guglielmetti Henrique from Trustwave and Sandro Gauci of EnableSecurity spoke at TROOPERS09 in Munich about "The Truth of Web Application Firewalls: what the vendors do NOT want you to know"
Ryan Barnett gives guidance on how best to make VA+WAF work together
Ed Bellis and Trey Ford start a PCI effort to ensure their activities uniformly meet PCI requirements, and for those getting started - to aid in building a website security strategy that also ensures sustainable PCI compliance.