Friday, April 27, 2012

WebGoat 5.4 Released!


WebGoat 5.4 was released today. Thanks to all of those who sent comments and helped get this release out the door.

This is mainly a long overdue maintenance release, lots of bug fixes and some updates.  Give it a try and feel free to send comments to me, recommend it on Google Plus, Star it, or file WebGoat Google Issues for bugs, typos or feature requests.

Be the first to download it at:

-- Bruce Mayhew OWASP WebGoat Project Lead

Thursday, April 26, 2012

Welcome our new OWASP Chapters!

Welcome to the members and leaders of our new OWASP chapters!
  • OWASP Rhode Island led by Patrick Laverty
  • OWASP Canberra, Australia led by Andrew Muller
  • OWASP Sharqiyah, Saudi Arabia led by Mohammad Shahat
Please join me in thanking Patrick, Andrew and Mohannad as new OWASP leaders!

Jim Manico
OWASP Connections Committee Chair

AppSec DC 2012 Media Placements

Exciting to see OWASP'ers Jack Mannino, Doug Wilson and others in the news!

  • Dark Reading
  • Threat Post
  • Security Magazine
  • OpenSAMM
  • Bayshore Networks
  • Digital Bond
  • White Hat Security


Monday, April 9, 2012

OWASP Zed Attack Proxy (ZAP) 1.4.0

Hi folks,

I'm very pleased to announce that version 1.4.0 of the OWASP Zed Attack Proxy (ZAP) has now been released.

This release adds the following main features:
  • Syntax highlighting
  • fuzzdb integration
  • Parameter analysis
  • Enhanced XSS scanner
  • A port of some of the Watcher checks
  • Pluggable extensions

And a load of bugfixes!

For more information and to download this release please visit the ZAP homepage:

I will also be talking about ZAP at the OWASP AppSec Asia Pacific conference on Saturday 14th April: please come over and say hi!

Many thanks to everyone who has contributed code, language files, enhancement requests, bug reports and general feedback.

Simon Bennetts
OWASP ZAP: Toolsmith Tool of the Year 2011

Tuesday, April 3, 2012

OWASP Security Blitz - April : Injection Attacks

OWASP is starting a monthly security blitz where we will rally the security community around a particular topic.  The topic may be a vulnerability, defensive design approach, technology or even a methodology.  All members of the security community are encouraged to write blog posts, articles, patches to tools, videos etc in the spirit of the current monthly topic.  Our goal is to show a variety of perspectives on the topic from the different perspectives of builders, breakers and defenders.

Today I'm happy to kick off our first month of the OWASP Security Blitz with the topic of:
Injection Attacks - SQL Injection

Please tweet your contributions with hashtag #OWASP and also add a comment to this post with a link to the material.

At the end of the month we will gather the new articles and include a summary in an upcoming OWASP newsletter.  We may even hold a small vote to determine the best contribution of the month.

Let's start the rally!

Michael Coates
Chair of OWASP Board