AppSec DC, the East Coast's premier information security conference,
returns with AppSec DC 2012 (http
http://www.appsecdc.org/://http://www.appsecdc.org/
www http://www.appsecdc.org/.
http://www.appsecdc.org/AppSecDChttp://www.appsecdc.org/
. http://www.appsecdc.org/org http://www.appsecdc.org/).
Hi Gary,
You may wish to consider the OWASP Legal Project at
https://www.owasp.org/index.php/Category:OWASP_Legal_Project which is
a positive, free, and open resource to assist in building legal
contractal agreements around software security with your vendors.
The state of NY procurement and
I’ve been pretty brutal with my opinions on Adobes security posture lately
(an opinion that is far from unique in our industry). However, recent
releases of PDF reader give me hope for the future.
http://blogs.adobe.com/asset/2010/10/inside-adobe-reader-protected-mode-part-1-design.html
Ben,
These threats are only relevant for client-side Java, for the most part.
It's my opinion that all enterprises should remove Java from all clients.
Java is most commonly deployed server-side which has a completely
different threat model than client side Java.
A lot of smart people disagree
Hello Matt,
Java EE still has NO support for escaping and lots of other important
security areas. You need something like OWASP ESAPI to make a secure app
even remotely possible. I was once a Sun guy, and I'm very fond of Java and
Sun. But JavaEE 6 does very little to raise the bar when it comes
Hello SC-L!
The OWASP Podcast Series continues to accelerate! We released 5 podcasts
this month which I hope you find to be of value.
39August 25, 2009Listen
Nowhttp://www.owasp.org/download/jmanico/owasp_podcast_39.mp3
| Show Notes /index.php/Podcast_39Interview with Gunnar Peterson
Hello SC-L,
We've been rather busy at the OWASP Podcast Series lately!
Since June 1st the OWASP Podcast Team has released 9 Podcasts!
Please take a look at our show list at
http://www.owasp.org/index.php/OWASP_Podcast#tab=Latest_Shows
Recent features Podcasts include
1. An interview with