WebApp Sec mailing list archives
New OWASP Article, Project Update and Summer Conference !
From: Mark Curphey <mark () curphey com>
Date: Thu, 26 Feb 2004 20:04:18 -0500 (EST)
Just wanted to drop a note to say that there is a great new article on the OWASP site called The Web Services Architecture and Security by George Capehart. Its linked off the frontpage http://www.owasp.org Also as a general OWASP update the Testing project is now scheduled to publish its first release within the next four / five weeks. We have split the document into two parts. Part One covers the Why, What, Where and When of testing web software and Part 2 which will be published later this year will cover the How. I think you will agree when you see it that it will set the pace for real security testing throughout the software development life cycle. It is very much focused on testing all aspects of security during the software development life cycle and based on best practices learned from the development community. Stan Guzik and team are also making great progress on the ISO-17799 project focused on applying ISO-17799 principles to the web security lifecycle. OASIS WAS is developing well. We will likely publish the Thesaurus and Risk Ranking scheme earlier than the full schema (due August) so that people can provide better scrutiny. I really beleive standards bodies are the place to create standards not vendor consortiums ! There will be C# and Java WAS execution engines for the Test element in development and Ivan Ristic of mod_security fame is now working on the protect element. Finally I am very pleased to announce that this summer we will be holding the first OWASP Conference in New York. We have a location and a provisional speaker line-up which we will be publishing soon. The 2 day conference will be dedicated to web software security topics and there will be presentations and training about OWASP topics such as WebGoat and Testing and more specific topics such as Java and .NET security. I think this is a great opportunity for us to get some really great speakers together in a great forum. More soon !
Current thread:
- New OWASP Article, Project Update and Summer Conference ! Mark Curphey (Feb 26)