
Ole Aass

Tutorial  - 
 
Security Sucks originally shared:
 
The past days I have been playing around with command injection vulnerabilities when grep is used in web applications in combination with user controlled input, and possible ways to bypass different filters etc. In this article I will write about what I…
 
Surfing safely over the Tor anonymity network - Part 2: Tor Browser, Georg Koppen. From the OWASP Gothenburg chapter meeting (btw, we have a bunch of great security talks on our channel https://www.youtube.com/user/owaspgbg )
 
PoSeidon, A Deep Dive Into Point of Sale Malware http://www.hackinsight.org/news,282.html
When consumers make purchases from a retailer, the transaction is processed through Point-of-Sale (PoS) systems. When a credit or debit card is used, a PoS system is used to read the information stored on the magnetic stripe on the back of the credit card. Once this information gets stolen from a merchant, it can be encoded into a magnetic stripe and used with a new card. 
 
All you wanted to know about the Secure SDLC..
All you wanted to know about the Secure Software Development Life Cycle, which helps locate vulnerabilities early and speeds up the remediation process.

Seba Deleersnyder
moderator

Discussion  - 
 
Join us for the first OWASP SAMM Project Summit in Dublin on 27-28 March
Friday is User Day covering talks, training and round tables followed by a social event. Topics are:
OpenSAMM at HP by Michael Craigue, HP
Application Security? There is a metric for that! by Yan Kravchenko, NetSPI
SAMM introduction and hands-on training by Bart De Win, PWC & Sebastien Deleersnyder, Toreon
SAMM round tables by Kuai Hinojosa, McAfee/Foundstone & Jerry Hoff, WhiteHat Security
SAMM Project 71 by Justin Clarke, Gotham Digital Science & John Dickson, Denim Group
SAMM Evolutions by Pravir Chandra, Bloomberg
 
Saturday is Project Day covering the release of version 1.1, workshops and roadmap discussions.
Topics that will be covered in "Summit Mode" during the day are:
Analysis templates / tooling
SAMM model improvements
What to put in next release / roadmap
Finalizing / publishing OpenSAMM v1.1
Project 71 follow-up (benchmark repository)
Participate and steer one of our great flagship projects to the next level!

Details and registration on owasp.org/index.php/OWASP_SAMM_Summit_2015

Follow us on @OwaspSAMM twitter.com/owaspsamm

Kind regards,
SAMM project team,
Seba
 
Open Source Components: Underestimated Application Security Loopholes..
Open source components may have a direct impact on the quality of your application. Vulnerabilities in open source components are discovered from time to time, and while often fixed very quickly, you need to make sure that you know of them when they are discovered and can apply the right measures when necessary.
 
Checkmarx Introduces New API For Safer Swift Development..

Ole Aass

Discussion  - 
 
Ole Aass originally shared:
 
After setting up a couple of Kali Linux machines I got bored of going through the process of installing the additional tools recommended by The Hacker Playbook, so I decided to write a bash script to automate the process. And there's no reason for me sitting on this code alone, so here it is.
This is an automated script to install the additional tools for Kali Linux recommended by The Hacker Playbook
 
Update: Fixed dated SMBexec link to point to the new repo
 
https://www.owasp.org/index.php/OWASP_Dependency_Track_Project
 
It is a great tool, great concept.
 
OWASP Code Pulse Project: http://www.hackinsight.org/news,239.html
The OWASP Code Pulse Project is a tool that provides insight into the real-time code coverage of black box testing activities. It is a cross-platform desktop application that runs on most major platforms.  
 
Great work! I'm now reading this. I love to present this new project to my upcoming seminar :)
Keep it up! More power!

About this community

The Open Web Application Security Project (OWASP) is a worldwide not-for-profit charitable organization focused on improving the security of software. Our mission is to make software security visible, so that individuals and organizations worldwide can make informed decisions about true software security risks. Website: www.owasp.org
 
 
Spike 1.0.1b is a modern and easy to use Linux distribution based on Sabayon, hence on Gentoo, following an extreme, yet reliable, rolling release model. This is a beta release generated, tested and published to mirrors by our build servers containing the latest and greatest collection of ...
 
More about the XSS vulnerability in the AliExpress website..
 
OWASP Proactive Controls http://www.hackinsight.org/news,280.html
The OWASP Top Ten Proactive Controls describes the most important control and control categories that every architect and developer should absolutely, 100% include in every project.

Joe Pettit

Discussion  - 
 
A recent report issued by the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) revealed that the organization responded to nearly 250 incidents last year, 55 percent of which involved advanced persistent threats (APT).

+Tripwire, Inc. 
A recent report issued by the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) revealed that the organization responded to nearly 250 incidents last year, 55 percent of which involved advanced persistent threats (APT). According to the September 2014-February 2015 ICS-CERT Monitor newsletter, the energy sector was once again the most targeted industry in …

 
According to a recent study, only 18 percent of retail IT security professionals are concerned that cybercriminals are targeting point of sale (PoS) devices installed on their networks, and only 20 percent are “confident” that those same devices are securely configured.

By +David Bisson of +Tripwire, Inc. 
Only 18 percent of retail IT security professionals are concerned that cybercriminals are targeting PoS devices installed on their networks

Gugz Singh

Discussion  - 
 
Hi,
I am looking for someone who has good knowledge on Java, OWASP, Servlets and JSP to work on a project. 
Please message if interested.
Thanks 
 
The OWASP Foundation have not received any submissions to run conferences in 2016. We are probably going to run a hybrid model for 2016.

As so many folks from the sub-continent have joined OWASP and this group, I would commend folks from Indian chapters working together to put in a bid for a major conference to be held in India. It's a LOT of work, but it's totally worth it. We are probably going to close the call for conferences in a few weeks' time, so please hop to it!

https://lists.owasp.org/…/owasp-l…/2014-December/013672.html
 
Have you ever had your identity stolen? Or perhaps an identity crisis? I hope for your sake the answer is “no.”  However, if it’s yes, you are in good company.
 
If you are an #OWASP member, please help us improve our election processes and participate in the fortnightly calls 

http://lists.owasp.org/pipermail/owasp-leaders/2015-February/013871.html
[Owasp-leaders] Member help required! Election by laws, policies and procedures update. Andrew van der Stock, vanderaj at owasp.org. Thu Feb 19 23:01:23 UTC 2015.