After the call we were chatting about OWASP learning tools, and the
WebGoat one is pretty cool. I ran through some of it a few years ago (as
part of a larger formal class). It's basically an insecure J2EE app you
run locally, and for each exercise you have to exploit it and then fix it.
https://www.owasp.org/index.php/Category:OWASP_WebGoat_Project
-s
On 05/10/2012 12:57 AM, Burke Mamlin wrote:
OpenMRS Devs,
Can you name one of your biggest security concerns about OpenMRS? Is
there something that you think we could be doing better regarding
security in the OpenMRS API, application, or within our OpenMRS modules?
We're fortunate to have Jim Manico <http://www.manico.net/> joining us
in today's developers forum <https://wiki.openmrs.org/x/vQkJAg>. Jim
is a security expert and educator and has worked with the OpenMRS team
in the past, so we're lucky to have some of his time to discuss
security issues around OpenMRS.
* What is XSS?
* What is SQL Injection?
* What is Cross Site Request Forgery?
* Authentication best practices?
* Access Control Design best practices
* What is Clickjacking?
We can answer these and more. Please bring your security-related
questions, concerns, and ideas to today's Developers Forum!
When: Today, Thursday 10-May, 10-11 ET / 14-15 UTC
<http://www.timeanddate.com/worldclock/fixedtime.html?msg=OpenMRS+Developers+Forum&iso=20120510T10&p1=105&ah=1>
Where: http://connect.openmrs.org (Developers Forum) via Adobe Connect
screen sharing and/or Skype
Cheers,
-Burke
------------------------------------------------------------------------
Click here to unsubscribe
<mailto:lists...@listserv.iupui.edu?body=SIGNOFF%20openmrs-devel-l>
from OpenMRS Developers' mailing list