WebApp Sec mailing list archives

New OWASP Article, Project Update and Summer Conference !


From: Mark Curphey <mark () curphey com>
Date: Thu, 26 Feb 2004 20:04:18 -0500 (EST)

Just wanted to drop a note to say that there is a great new article on the OWASP site called The Web Services 
Architecture and Security by George Capehart.

It's linked off the front page http://www.owasp.org

Also as a general OWASP update the Testing project is now scheduled to publish its first release within the next four / 
five weeks. We have split the document into two parts. Part One covers the Why, What, Where and When of testing web 
software and Part 2 which will be published later this year will cover the How. I think you will agree when you see it 
that it will set the pace for real security testing throughout the software development life cycle. It is very much 
focused on testing all aspects of security during the software development life cycle and based on best practices 
learned from the development community. 

Stan Guzik and team are also making great progress on the ISO-17799 project focused on applying ISO-17799 principles to 
the web security lifecycle. 

OASIS WAS is developing well. We will likely publish the Thesaurus and Risk Ranking scheme earlier than the full schema 
(due August) so that people can provide better scrutiny. I really believe standards bodies are the place to create 
standards not vendor consortiums ! There will be C# and Java WAS execution engines for the Test element in development 
and Ivan Ristic of mod_security fame is now working on the protect element. 

Finally I am very pleased to announce that this summer we will be holding the first OWASP Conference in New York. We 
have a location and a provisional speaker line-up which we will be publishing soon. The 2-day conference will be 
dedicated to web software security topics and there will be presentations and training about OWASP topics such as 
WebGoat and Testing and more specific topics such as Java and .NET security. I think this is a great opportunity for us 
to get some really great speakers together in a great forum. 

More soon !

