The Open Web Application Security Project (OWASP) is a 501c3 not-for-profit worldwide charitable organization focused on improving the security of application software. Our mission is to make application security visible, so that people and organizations can make informed decisions about true application security risks. Everyone is free to participate in OWASP and all of our materials are available under a free and open software license.
Tuesday, June 4, 2013
OWASP Connector June 4, 2013
FEATURED OWASP PROJECT
OWASP Xenotix XSS Exploit Framework Project
The OWASP Xenotix XSS Exploit Framework Project is a penetration testing tool that detects and exploits XSS vulnerabilities in web applications. It is basically a payload-list-based XSS scanner and XSS exploitation kit. The exploitation framework will help penetration testers create proof-of-concept attacks on vulnerable web applications.
VaultDB is a secure NoSQL database management system (DBMS) for modern applications. It supports multi-recipient encryption, table-level encryption, group encryption and comes loaded with a strong cryptosystem.
VaultDB adds automatic transparent encryption to your application's data at the table/document level. Instead of using its own internal storage engine, VaultDB stores the encrypted data inside your preferred DBMS.
This project aims to explore the threat of an Amplification DoS attack that utilizes web services. Currently, DNS servers are widely misused to amplify DoS traffic. This is called a DNS Amplification or Reflective attack. It appears that SOAP web services that implement WS-Addressing might be vulnerable to similar abuse, as stated in this paper. The aim of the project is to develop tools to test this vulnerability and determine the threat magnitude on a global scale.
OWASP Mutillidae 2 Project
Project Leader: Jeremy Druin
NOWASP (Mutillidae) is a free, open source, deliberately vulnerable web application providing a target for web-security enthusiasts. NOWASP (Mutillidae) can be installed on Linux and Windows using LAMP, WAMP, and XAMPP for users who do not want to administer a web server.
Do you have some news? Submit your item to appear in the next connector HERE
Thank you to Ping Identity, Riverbed Technology, and Sonatype, our newest Corporate Members
Thank you to Imperva and UPS for their Corporate Membership Renewals
THE Q2 2013 MEMBERSHIP DRIVE HAS BEGUN!!!!!!!
Now is the time to make sure your membership is current and up to date! Join or renew between now and June 10th and be eligible to receive one of 22 Cool Prizes! Effective June 1st, you can now join for a 2-year membership or become a LIFETIME Member. Click the icon for all the details.
Big announcements are coming soon! Training sessions and talk schedule will be posted by June 14th. Be sure to visit the website often for updates on sponsorship opportunities, conference activities, and more!
Registration is opening very soon! Thanks to all for patiently waiting! Check the AppSec Research site for details on the training sessions, talks, and link to registration within the next couple of days.
OWASP is pleased to announce our upcoming Partner Events:
Blackhat 2013 - OWASP Members receive $200 off using discount code: Uurtcw0
SecAppDev - OWASP members receive 10% off using discount promo code: owasp. This code will need to be entered in the comments box to receive the 10% discount.
EC Council - Use discount code TDCSTLOWASP for $99 conference passes