Colleagues,
In 2012, OWASP is holding the Global AppSec AsiaPac Conference in Sydney, Australia!
OWASP Asia Pacific is the foremost Application Security conference for the
region, and brings together the community in a central meeting for 4 days to
discuss and present on recent and current
The OWASP materials are fairly language neutral. The closest document
to your current requirements is the Developer Guide.
I am also developing a coding standard for OWASP with a likely
deliverable date next year. I am looking for volunteers to help with
it, so if you want a document that
of the world.
thanks,
Andrew van der Stock
Lead Author, OWASP Guide and OWASP Top 10
___
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available
aid and treating
security as a fundamental software engineering requirement. It's about
time.
thanks,
Andrew van der Stock
Lead Author, OWASP Guide to Writing Secure Applications and OWASP Top 10
, but better late
than never. I know a bunch of sites that could use that tool if it
works even 1% as well as the marketing is likely to make out.
thanks,
Andrew van der Stock
Executive Director, OWASP
Project Lead Author, OWASP Guide
On Nov 2, 2007, at 1:45 PM, Peter G. Neumann wrote:
Searching
In my experience of reviewing COBOL and mainframes in general, it's
worthwhile to evaluate doing bad things to the business logic. The
designers are literal in their translation of the business
requirements to specifications, and never think of the mis-use cases.
Mainframe coders aren't
From: Andrew van der Stock [mailto:[EMAIL PROTECTED]]
Sent: Monday, March 19, 2007 2:50 PM
To: McGovern, James F (HTSC, IT)
Cc: SC-L
Subject: Re: [SC-L] How is secure coding sold within enterprises?
There are two major methods:
1. Opportunity cost / competitive advantage
NB: I am not speaking on behalf of my employer and this is my
personal opinion.
Banks in general do not use smart cards as they suffer from the same
issue as two factor non-transaction signing fobs - they are somewhat
trivial to trick users into giving up a credential. Connected keys
are
Actually, it is a myth.
For every non-trivial system, there are business pressures on
resourcing, deadlines, and acceptable quality (pick any two). Once a
business has set their taste for risk, it makes no sense to spend say
$10m on security controls on a product and delay it for six
Best for older cars...
My other car is a bit more secure
Best for Volvos (or pick another high safety brand):
I wish my finance systems were as safe as this car
Honk if you want secure software
Who has your data? Ask for secure software next time
thanks,
Andrew
OWASP is pleased to announce the immediate availability of the OWASP
PHP Top 5. The OWASP Top 5 is an education piece which provides up to
date advice to PHP developers, hosters, and other PHP users. The PHP
Top 5 is produced by the OWASP PHP Project.
The PHP Top 5 is based upon attack
Dinis,
Sandboxing prevents a machine from having bad system() and buffer
overflows causing system compromise. Sure that's bad enough. However,
sandboxing does not prevent:
* all types of cross-site scripting
* SQL injection
* Command injection via SQL injection (xp_cmdshell and similar
On 3/29/06, Andrew van der Stock [EMAIL PROTECTED] wrote:
This is not quite true.
Java does not prevent integer overflows (it will not throw an
exception). So you still have to be careful about array indexes.
Andrew
Yes! :)
I am speaking at the OWASP EU conference in Belgium (I hope people
speak English 'cos my French is now quite appalling) at the end of
May, and I have a paper submission for O'Reilly's OSCON in early
July. I am still mulling over whether to submit a proposal to
BlackHat as
: Andrew van der Stock [EMAIL PROTECTED]
Date: 7 March 2006 2:54:36 AM
To: kentaro.arai at hidden
Subject: Security problems with Ajax
Kentaro,
In short, yes! :)
I am researching and writing a new chapter on Ajax security for the
OWASP Guide which will be out as soon as it's been properly
reviewed