WebApp Sec mailing list archives
New OWASP Columns
From: Mark Curphey <mark () curphey com>
Date: Thu, 11 Sep 2003 08:35:49 -0400 (EST)
I am pleased to say that the OWASP Columns are now online. The columns are commentary on specific areas of web security with individual articles on specific topics. There are 5 regular columnists covering the topics of Java security (Jeff Williams - Aspect Security), .NET security (Jeremy Poteet - appDefense), web security management (Mark Curphey), web services security (George Capehart - Capehart Assoc) and IIS security (Joe Lima - Port80 Software). Every week a new article will be published on the site on a rotation basis and the first two articles are now online and I think you will agree they are excellent.

Trustworthy Java - Are your apps bulletproof?
By Jeff Williams (Aspect Security, Inc.)
Posted Monday, September 1, 2003

For the first article in this series on Java security, I thought it would be appropriate to discuss what makes a Java application trustworthy. I know Trustworthy Computing is a Microsoft thing but in this article I'm going to argue that Java folks ought to be paying close attention to what's going on in Redmond.

http://www.owasp.org

Be Careful What You Say
Jeremy Poteet (appDefense)
Posted Monday, September 8th, 2003

Hopefully, whether you are a Java programmer or not, you read Jeff Williams' article last week on how Java developers should learn from what Microsoft is doing in security. This is good advice for all of us. Rather than fall into political wars, we need to look at the good and bad of other technologies and see how they can be applied to our situation. That is exactly what Microsoft did in developing .NET. They looked at various technologies, languages, architectures, tools, etc. in determining the approach for .NET. We will look at one of those concepts this week and how .NET takes ideas from Java and C++ and provides a significant security improvement over previous ASP applications. Let's look in on David, a would-be attacker, who is trying his best to compromise a typical ASP application.

http://www.owasp.org

We are having some build problems so please bear with us with some of the formatting. A big thanks to David and Ben for the continued efforts on the portal and of course to Jeff and Jeremy for two great articles so far.