Friday, April 27, 2012

WebGoat 5.4 Released! 


All

WebGoat 5.4 was released today. Thanks to all of those who sent comments and helped get this release out the door.

This is mainly a long overdue maintenance release, lots of bug fixes and some updates.  Give it a try and feel free to send comments to me, recommend it on Goole Plus, Star it, or file WebGoat Google Issues for bugs, typos or feature requests.

Be the first to download it at: http://code.google.com/p/webgoat/

Enjoy,


-- 
Bruce Mayhew
OWASP WebGoat Project Lead

posted by Jim Manico at 2:29 PM 0 Comments

Thursday, April 26, 2012

Welcome our new OWASP Chapters!

Welcome to the members and leaders of our new OWASP chapters!
  • OWASP Rhode Island lead by Patrick Laverty
  • OWASP Canberra, Australia lead by Andrew Muller
  • OWASP Sharqiyah, Saudi Arabia lead by Mohammad Shahat
Please join me in thanking Patrick, Andrew and Mohannad as new OWASP leaders!

Regards,
Jim Manico
OWASP Connections Committee Chair

posted by Jim Manico at 3:10 PM 1 Comments

AppSec DC 2012 Media Placements 


Exciting to see OWASP'ers Jack Mannino, Doug Wilson and others in the news!


 Dark Reading
http://www.darkreading.com/security/news/232800023/forensic-approach-to-mobile-app-vulnerability-research.html
[2]

 Threat Post
http://threatpost.com/en_us/blogs/executives-abroad-may-get-owned-they-re-tarmac-040812
[3]

 Security Magazine
http://www.securitymagazine.com/articles/82958-executives--phones-vulnerable-abroad
[4]

 InfosecEvents
http://infosecevents.net/2012/03/29/information-security-events-for-april/
[5]

 OpenSAMM
http://www.opensamm.org/2012/03/ [6]

 CityBizList
http://dc.citybizlist.com/5/2012/4/2/Aspect-Security-Experts-to-Speak-at-OWASP-AppSec-DC-2012.aspx
[7]

 Bayshore Networks
http://www.bayshorenetworks.com/appsec-dc.php [8]

 Digital Bond
http://www.digitalbond.com/2012/04/06/stuxnet-type-attacks-are-easy/
[9]

 seNet
http://www.senet-int.com/2012/04/06/owasp-appsec-2012-conference-review/
[10]

 GuidePost
http://www.guidepointsecurity.com/308/events/conferences/guidepoint-security-presents-on-mobile-security-abroad-at-appsec-dc/
[11]

 [G13net]
http://www.g13net.com/?p=140 


[12]

 Cigital
http://www.cigital.com/blog/2012/03/appsec-dc-2012/ 


[13]

 White Hat Security
https://www.whitehatsec.com/events/events.html 


[14]

 CNash44
http://cnash44.com/blog/?p=298 


[15]



    

    

    
    

      posted by Jim Manico at 
     3:02 PM 
      

         0 Comments

      
  
    

  
  

  
  
  
  
  
 

  



    
  
Monday, April 9, 2012

  

  
     
  
  

         
    

	 
	 OWASP Zed Attack Proxy (ZAP) 1.4.0
	 
    

    

	         

	

      
Hi folks,



I'm very pleased to announce that version 1.4.0 of the OWASP Zed Attack Proxy (ZAP) has now been released.



This release adds the following main features:


  • Syntax highlighting
    • 

  • fuzzdb integration
    • 

  • Parameter analysis
    • 

  • Enhanced XSS scanner
    • 

  • A port of some of the Watcher checks
    • 

  • Plugable extensions
    • 



And a load of bugfixes!



For more information and to download this release please visit the ZAP homepage: https://www.owasp.org/index.php/ZAP



I will also be talking about ZAP at the OWASP AppSec Asia Pacific conference on Saturday 14th April: https://www.owasp.org/index.php/AppSecAsiaPac2012#Track_Session_Speakers- please come over and say hi!



Many thanks to everyone who has contributed code, language files, enhancement requests, bug reports and general feedback.



Simon Bennetts

--

OWASP ZAP: Toolsmith Tool of the Year 2011

    

    

    
    

      posted by Jim Manico at 
     9:16 AM 
      

         0 Comments

      
  
    

  
  

  
  
  
  
  
 

  



    
  
Tuesday, April 3, 2012

  

  
     
  
  

         
    

	 
	 OWASP Security Blitz - April : Injection Attacks
	 
    

    

	         

	

      
OWASP is starting a monthly security blitz where we will rally the security community around a particular topic.  The topic may be a vulnerability, defensive design approach, technology or even a methodology.  All members of the security community are encouraged to write blog posts, articles, patches to tools, videos etc in the spirit of the current monthly topic.  Our goal is to show a variety of perspectives on the topic from the different perspectives of builders, breakers and defenders.





Today I'm happy to kick off our first month of the OWASP Security Blitz with the topic of:

Injection Attacks - SQL Injection



Please tweet your contributions with hashtag #OWASP and also add a comment to this post with a link to the material. 



At the end of the month we will gather the new articles and include a summary in an upcoming OWASP newsletter.  We may even hold a small vote to determine the best contribution of the month.



Let's start the rally!







Michael Coates
Chair of OWASP Board
michael.coates@owasp.org

    

    

    
    

      posted by Michael Coates at 
     7:47 AM 
      

         3 Comments