[SC-L] Dr.Dobb's Interview: Security, .NET, and the OWASP Project

[Dinis Cruz]

Hi, here is an interview that I gave to Dr.Dobb's portal website where I
talk about .NET, OWASP and continue to bang on the Sandbox Drum :)

http://www.ddj.com/security/202300130

Let me know your thoughts on it

Dinis Cruz
Chief OWASP Evangelist
http://www.owasp.org
___
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
___

[SC-L] Microsoft Pushes Secure, Quality Code

[Kenneth Van Wyk]

SC-Lers,

Hey, here's some good news out of Microsoft.  According to EWeek,  
"Now for Visual Studio 2008, Microsoft's code analysis team is adding  
some new features, including Code Metrics, a new tool window "that  
allows you to not only get an overall view of the health [code-wise]  
of your application, but also gives you the ability to dig deep to  
find those unmaintainable and complex hotspots," Somasegar said.


For Visual Studio 2008, Code Metrics will ship with five metrics:  
Cyclomatic Complexity, Depth of Inheritance, Class Coupling, Lines of  
Code and Maintainability Index, he said. "


The full story is here http://www.eweek.com/ 
article2/0,1895,2192515,00.asp


Cheers,

Ken
-
Kenneth R. van Wyk
SC-L Moderator
KRvW Associates, LLC
http://www.KRvW.com






smime.p7s
Description: S/MIME cryptographic signature
___
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
___

[SC-L] OWASP & WASC AppSec 2007 Conference - Nov 12-15 - San Jose, CA

[Dave Wichers]

OWASP and WASC have agreed to join forces this year to put together an
incredible AppSec 2007 Conference for the application security community,
Nov. 12-15 in San Jose. A huge concentration of industry leading experts
will be in attendance presenting high quality web application security
content. AppSec 2007 offers a unique opportunity for security professionals,
software developers, and IT managers to get up to speed on the latest and
greatest attack techniques, defense strategies, and industry trends in an
atmosphere of peers. The conference format and venue is also perfect for
networking and sharing experiences with others that are down in the
trenches.

 

Full details on the conference are available at:
http://www.owasp.org/index.php/OWASP_

&_WASC_AppSec_2007_Conference 

 

There are many new firsts to this conference that I wanted to mention:

 

1)  This is the first joint OWASP and WASC AppSec Conference

2)  eBay is hosting this conference, which is the first conference being
hosted at a company facility. (Thank you eBay)

3)  Web Services Security Track: A 3rd track has been added on Day 1 for
this topic, which is an important area for OWASP to get involved with (and
it is)

Details on this track are available at:
http://www.owasp.org/index.php/7th_OWASP_AppSec_Conference_-_San_Jose_2007/A
genda#Nov_14:_Track_3:_Web_Services_Security 

4)  Tutorials: The tutorials session has been expanded to 2 full days
and we have five 2-day tutorials this time on Nov 12-13:

a.   Building and Testing Secure Web Applications

b.  Secure Coding for Java EE

c.   Secure Coding .NET Web Applications

d.  Web Services and XML Security

e.  Leveraging OWASP Tools and Documents to Secure Your Enterprise (Our
first OWASP specific tutorial!! - Taught by our Chief Evangelist - Dinis
Cruz)

Tutorial details are available at:
http://www.owasp.org/index.php/7th_OWASP_AppSec_Conference_-_San_Jose_2007/T
raining 

5)  A Technology Expo has been introduced. Vendors of application
security products and managed services will be demonstrating their wares for
the first time at an OWASP conference on Nov 13 and Nov 14.

Tech Expo info is available at:
http://www.owasp.org/index.php/7th_OWASP_AppSec_Conference_-_San_Jose_2007/A
genda#Tech_Expo_-_Nov_13th-14th 

If you are a vendor interested in participating in the expo, more details
are here: http://www.owasp.org/index.php/OWASP_AppSec_Conference_Sponsors 

6)  New Social Events! - Breach is going to again have a cocktail party.
This time its Nov 13. OWASP has its dinner on Nov 14. The OWASP Band!! Is
also playing on Nov 14 (Check with Dinis for details). Microsoft has now
joined in and is having a closing cocktail party on Nov 15 that is being
cosponsored by Aspect Security.

 

I hope to see you there!

 

Thanks, Dave

 

Dave Wichers

OWASP Conferences Chair

[EMAIL PROTECTED]

 

 

___
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
___