[SC-L] Security Analysis of the Core J2EE Patterns

[Rohit Sethi]

Hi list,

Security Compass is pleased to announce the launch of SecCom Labs at
http://labs.securitycompass.com - our site dedicated to free security
resources for software developers.

The first major contribution is a security analysis of the Core J2EE
Patterns. We reviewed every pattern and outlined common security
pitfalls and positive security practices based on our experience. Our
hope is that by analying security at the pattern level, we can help
spur secure software at the design phase. We'd really appreciate your
feedback!

We'll be presenting the paper at the RSA conference tomorrow morning
10:10 at Purple 310. We're bringing hard copies of the paper to
distribute at the talk, and we'd love to see you there.

Cheers,



-- 
Rohit Sethi
Security Compass
http://www.securitycompass.com
___
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
___

[SC-L] OWASP Podcast 17

[Jim Manico]

Hello sc-l,

OWASP Podcast 17 - an Interview with Robert RSnake Hansen - is now live. 

Show Notes: https://www.owasp.org/index.php/Podcast_17
Direct Download: http://www.owasp.org/download/jmanico/owasp_podcast_17.mp3
RSS: http://www.owasp.org/download/jmanico/podcast.xml
iTunes: 
http://itunes.apple.com/WebObjects/MZStore.woa/wa/viewPodcast?id=300769012

Thanks for listening,
- Jim Manico
___
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
___