The Open Web Application Security Project (OWASP) is a 501c3 not-for-profit worldwide charitable organization focused on improving the security of application software. Our mission is to make application security visible, so that people and organizations can make informed decisions about true application security risks. Everyone is free to participate in OWASP and all of our materials are available under a free and open software license.
Friday, April 27, 2012
WebGoat 5.4 Released!
All,
WebGoat 5.4 was released today. Thanks to all of those who sent comments and helped get this release out the door. This is mainly a long overdue maintenance release, lots of bug fixes and some updates. Give it a try and feel free to send comments to me, recommend it on Google Plus, Star it, or file WebGoat Google Issues for bugs, typos or feature requests. Be the first to download it at: http://code.google.com/p/webgoat/
Enjoy,
-- Bruce Mayhew
OWASP WebGoat Project Lead
Thursday, April 26, 2012
Welcome our new OWASP Chapters!
Welcome to the members and leaders of our new OWASP chapters!
- OWASP Rhode Island led by Patrick Laverty
- OWASP Canberra, Australia led by Andrew Muller
- OWASP Sharqiyah, Saudi Arabia led by Mohammad Shahat
Regards,
Jim Manico
OWASP Connections Committee Chair
AppSec DC 2012 Media Placements
Exciting to see OWASP'ers Jack Mannino, Doug Wilson and others in the news!
- Dark Reading http://www.darkreading.com/security/news/232800023/forensic-approach-to-mobile-app-vulnerability-research.html
- Threat Post http://threatpost.com/en_us/blogs/executives-abroad-may-get-owned-they-re-tarmac-040812
- Security Magazine http://www.securitymagazine.com/articles/82958-executives--phones-vulnerable-abroad
- InfosecEvents http://infosecevents.net/2012/03/29/information-security-events-for-april/
- OpenSAMM http://www.opensamm.org/2012/03/
- CityBizList http://dc.citybizlist.com/5/2012/4/2/Aspect-Security-Experts-to-Speak-at-OWASP-AppSec-DC-2012.aspx
- Bayshore Networks http://www.bayshorenetworks.com/appsec-dc.php
- Digital Bond http://www.digitalbond.com/2012/04/06/stuxnet-type-attacks-are-easy/
- seNet http://www.senet-int.com/2012/04/06/owasp-appsec-2012-conference-review/
- GuidePost http://www.guidepointsecurity.com/308/events/conferences/guidepoint-security-presents-on-mobile-security-abroad-at-appsec-dc/
- G13net http://www.g13net.com/?p=140
- Cigital http://www.cigital.com/blog/2012/03/appsec-dc-2012/
- White Hat Security https://www.whitehatsec.com/events/events.html
- CNash44 http://cnash44.com/blog/?p=298
Monday, April 9, 2012
OWASP Zed Attack Proxy (ZAP) 1.4.0
Hi folks,
I'm very pleased to announce that version 1.4.0 of the OWASP Zed Attack Proxy (ZAP) has now been released.
This release adds the following main features:
- Syntax highlighting
- fuzzdb integration
- Parameter analysis
- Enhanced XSS scanner
- A port of some of the Watcher checks
- Pluggable extensions
And a load of bugfixes!
For more information and to download this release please visit the ZAP homepage: https://www.owasp.org/index.php/ZAP
I will also be talking about ZAP at the OWASP AppSec Asia Pacific conference on Saturday 14th April: https://www.owasp.org/index.php/AppSecAsiaPac2012#Track_Session_Speakers - please come over and say hi!
Many thanks to everyone who has contributed code, language files, enhancement requests, bug reports and general feedback.
Simon Bennetts
--
OWASP ZAP: Toolsmith Tool of the Year 2011
Tuesday, April 3, 2012
OWASP Security Blitz - April : Injection Attacks
OWASP is starting a monthly security blitz where we will rally the security community around a particular topic. The topic may be a vulnerability, defensive design approach, technology or even a methodology. All members of the security community are encouraged to write blog posts, articles, patches to tools, videos etc in the spirit of the current monthly topic. Our goal is to show a variety of perspectives on the topic from the different perspectives of builders, breakers and defenders.
Today I'm happy to kick off our first month of the OWASP Security Blitz with the topic of:
Injection Attacks - SQL Injection
Please tweet your contributions with hashtag #OWASP and also add a comment to this post with a link to the material.
At the end of the month we will gather the new articles and include a summary in an upcoming OWASP newsletter. We may even hold a small vote to determine the best contribution of the month.
Let's start the rally!
Michael Coates
Chair of OWASP Board
michael.coates@owasp.org