WebApp Sec mailing list archives
Re: Shameless plug: OWASP Board Elections
From: Seth Art <sethsec () gmail com>
Date: Fri, 24 Oct 2014 16:35:13 -0400
Robin,

Thanks so much for the kind words about my talk. I gave an extended version of my talk this past weekend at BSidesDC, and the video just posted a few hours ago: https://www.youtube.com/watch?v=v5DIcAtnKRU. The BSidesDC version includes a demo at the end which will hopefully give people an idea of what is required to go from finding this vulnerability to exploiting it.

Back to the real point of this thread: I also would love for this list to become more active. It is one of the very few mailing lists that I allow to go right to my inbox without a filter. :)

I think your recommendation is key -- The best way to make the list more useful is to actually use it more. I pledge to do the same as you -- to use this list as a resource whenever possible.

One last thought - Since this list is currently at such a low volume, and Andrew has expressed that although he is the moderator, he does not have full control: Should we use this opportunity to reboot and move this list? Turn it into a google group managed list or something similar. We could even take the web part out and call it appsec in a move to include the mobile application people/topics, since they are usually so similar.

Or should we just stick to the simple plan and try to revive this list and keep the history intact? I just looked and this list was pretty crazy back in 2004, 2005! http://seclists.org/webappsec/

Regards,
Seth

On Wed, Oct 22, 2014 at 1:53 PM, Brian Zaugg <bzaugg () authentic8 com> wrote:
Here! Here! I like the idea of making the list more active and useful. And, a good article on cross-domain policy and CSRF is a great start.

Brian

On Tue, Oct 21, 2014 at 9:01 AM, Robin Wood <robin@digi.ninja> wrote:

Hi

I'd love to see the list going again and getting more use. I think my reason for not using it is that it isn't being used so I forget about it, it needs traffic to gain some traction and remind people it exists.

I'll make sure that I post some questions when they come up, see if we can get it moving again.

As a start, I've just watched this brilliant explanation of why an open crossdomain policy file is bad, I'd really recommend it to any app testers.

http://www.irongeek.com/i.php?page=videos/derbycon4/t505-swf-seeking-lazy-admin-for-cross-domain-action-seth-art

Robin

PS, as I've just found out, the list doesn't like MIME encoded mails so if you are sending through Gmail make sure you set the mail to plain text. I can't find a way to do this through the Android Gmail client though so if anyone knows how please share.

On 21 October 2014 03:46, Andrew van der Stock <vanderaj () greebo net> wrote:

Hi there,

Apologies for complete self interest where the list admin (me) pushes a personal interest (OWASP). However, I believe the Open Web Application Security Project is on topic for the web application security mail list, and I wouldn't normally do it (you can check - I've been moderator since 2004), but it's important.

Beyond the plug below - I am very interested in ways we can revitalise this list. I don't know about you, but getting CFPs and not much else is getting old. Please reply and discuss how we might achieve that, because the list has become pretty moribund.

Shameless plug-a-rama:

Full disclosure: not only is OWASP a long standing personal interest of mine, I'm also standing for the Board. That said, I'm not asking you to vote for me (although that would be lovely!), I *am* asking you to vote if you are an OWASP member!
For those list members who are also OWASP members, please be aware that there was a technical issue in relation to expired members not getting a renewal notice, and thus not getting a ballot to vote. That issue should be resolved now. You have until the 24th to renew and then vote. More details:

http://lists.owasp.org/pipermail/owasp-community/2014-October/000399.html

The election has been extended to October 31 for all electors to cope with renewals and then give you time to make an informed vote.

Please review the candidate interviews, and then place your vote. Historically, our elections have been not representative of the OWASP global membership as for whatever reason, members outside of the US chose not to vote as often as OWASP US members. Let's get out the vote!

Look through these interviews, work out who are your favorite three candidates, and vote for OWASP's future!

https://www.owasp.org/index.php/2014_Board_Elections#2014_Board_Candidate_Interviews

End shameless plug

thanks,
Andrew

This list is sponsored by Cenzic
--------------------------------------
Let Us Hack You. Before Hackers Do!
It's Finally Here - The Cenzic Website HealthCheck. FREE.
Request Yours Now!
http://www.cenzic.com/2009HClaunch_Securityfocus
--------------------------------------