WebApp Sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Shameless plug: OWASP Board Elections

From: Seth Art <sethsec () gmail com>
Date: Fri, 24 Oct 2014 16:35:13 -0400
Robin,

Thanks so much for the kind words about my talk.   I gave an extended
version of my talk this past weekend at BSidesDC, and the video just
posted a few hours ago:  https://www.youtube.com/watch?v=v5DIcAtnKRU.
The BSidesDC version includes a demo at the end which will hopefully
give people an idea of what is required to go from finding this
vulnerability to exploiting it.

Back to the real point of this thread: I also would love for this list
to become more active. It is one of the very few mailing lists that I
allow to go right to my inbox without a filter.  :)

I think your recommendation is key -- The best way to make the list
more useful is to actually use it more. I pledge to do the same as you
-- to use this list as a resource whenever possible.

One last thought - Since this list is currently at such a low volume,
and Andrew has expressed that although he is the moderator, he does
not have full control:  Should we use this opportunity to reboot and
move this list?  Turn it into a google group managed list or something
similar.   We could even take the web part out and call it appsec in a
move to include the mobile application people/topics, since they are
usually so similar.

Or should we just stick to the simple plan and try to revive this list
and keep the history in tact. I just looked and this list was pretty
crazy back in 2004, 2005!

http://seclists.org/webappsec/

Regards,

Seth

On Wed, Oct 22, 2014 at 1:53 PM, Brian Zaugg <bzaugg () authentic8 com> wrote:


Here! Here! I like the idea of making the list more active and useful.
And, a good article on cross-domain policy and CSRF is a great start.

Brian



On Tue, Oct 21, 2014 at 9:01 AM, Robin Wood <robin@digi.ninja> wrote:


Hi
I'd love to see the list going again and getting more use. I think my
reason for not using it is that it isn't being used so I forget about
it, it needs traffic to gain some traction and remind people it
exists.

I'll make sure that I post some questions when they come up, see if we
can get it moving again.

As a start, I've just watched this brilliant explanation of why an
open crossdomain policy file is bad, I'd really recommend it to any
app testers.

http://www.irongeek.com/i.php?page=videos/derbycon4/t505-swf-seeking-lazy-admin-for-cross-domain-action-seth-art

Robin

PS, as I've just found out, the list doesn't like MIME encoded mails
so if you are sending through Gmail make sure you set the mail to
plain text. I can't find a way to do this through the Android Gmail
client though so if anyone knows how please share.

On 21 October 2014 03:46, Andrew van der Stock <vanderaj () greebo net> wrote:

Hi there,

Apologies for complete self interest where the list admin (me) pushes
a personal interest (OWASP). However, I believe the Open Web
Application Security Project is on topic for the web application
security mail list, and I wouldn't normally do it (you can check -
I've been moderator since 2004), but it's important.

Beyond the plug below - I am very interested in ways we can revitalise
this list. I don't know about you, but getting CFPs and not much else
is getting old. Please reply and discuss how we might achieve that,
because the list has become pretty moribund.

Shameless plug-a-rama:

Full disclosure: not only is OWASP a long standing personal interest
of mine, I'm
also standing for the Board. That said, I'm not asking you to vote for
me (although that would be lovely!), I *am* asking you to vote if you
are an OWASP member!

For those list members who are also OWASP members, please be aware
that there was a technical issue in relation to expired members not
getting a renewal notice, and thus not getting a ballot to vote. That
issue should be resolved now. You have until the 24th to renew and
then vote. More details:

http://lists.owasp.org/pipermail/owasp-community/2014-October/000399.html

The election has been extended to October 31 for all electors to cope
with renewals and then give you time to make an informed vote.

Please review the candidate interviews, and then place your vote.
HIstorically, our elections have been not representative of the OWASP
global membership as for whatever reason, members outside of the US
chose not to vote as often as OWASP US members. Let's get out the
vote!

Look through these interviews, work out who are your favorite three
candidates, and vote for OWASP's future!

https://www.owasp.org/index.php/2014_Board_Elections#2014_Board_Candidate_Interviews

End shameless plug

thanks,
Andrew



This list is sponsored by Cenzic
--------------------------------------
Let Us Hack You. Before Hackers Do!
It's Finally Here - The Cenzic Website HealthCheck. FREE.
Request Yours Now!
http://www.cenzic.com/2009HClaunch_Securityfocus
--------------------------------------





This list is sponsored by Cenzic
--------------------------------------
Let Us Hack You. Before Hackers Do!
It's Finally Here - The Cenzic Website HealthCheck. FREE.
Request Yours Now!
http://www.cenzic.com/2009HClaunch_Securityfocus
--------------------------------------







This list is sponsored by Cenzic
--------------------------------------
Let Us Hack You. Before Hackers Do!
It's Finally Here - The Cenzic Website HealthCheck. FREE.
Request Yours Now!
http://www.cenzic.com/2009HClaunch_Securityfocus
--------------------------------------





This list is sponsored by Cenzic
--------------------------------------
Let Us Hack You. Before Hackers Do!
It's Finally Here - The Cenzic Website HealthCheck. FREE.
Request Yours Now! 
http://www.cenzic.com/2009HClaunch_Securityfocus
--------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: