About the Global OWASP Foundation Group
Free & Open
Governed by rough consensus & running code
Abide by a code of ethics (see ethics)
Not-for-profit
Not driven by commercial...
OWASP Top 10 for JavaScript - A2: Cross Site Scripting - XSS open.bekk.no
Cross site Scripting - or XSS - is probably one of the most common...
HTML5 Unbound, part 4 of 4 deadliestwebattacks.com
(The series concludes today with guesses about the future of web...
Critical vulnerability derails Ruby on Rails h-online.com
An SQL Injection vulnerability is one of two problems that the Ruby...
SMBlog — 1 June 2012 cs.columbia.edu
Here we go again; another instance of really sophisticated spyware...
Obama Ordered Use of Stuxnet, Acceleration of Cyber Attacks Against Iran securityweek.com
According to a soon-to-be-released book by David Sanger, President...
Burp plugin for scanning GWT and JSON HTTP requests gremwell.com
A while ago Alex came up with a solution to get Burp to scan JSON...
Project guidelines
Hi friend, I'm planning to do my MS project in the Application Security area; could you provide some guidelines to select...
Utilizing Metasploit as a Login Scanner and as a Bruteforce Attack Tool pentestlab.org
Metasploit has been a great help to all penetration testers,...
Complex Cyberwar Tool 'Flamer' Found Infecting Computers In Iran &... darknet.org.uk
In December last year, Microsoft released the patch for the...
Apple Details iOS Security Features in New Guide threatpost.com
Apple released an iOS security guide for the operating system on...
Pseudorandom thoughts on how to make the best of Agile 1raindrop.typepad.com
Agile is not an ideal development methodology from a security...
Halock SecurityLabs and CDGI Launch "Security Integrated" reuters.com
HALOCK and CDGI Launch “Security Integrated,” a New Model for Hosting...
On-line Consultation on European Strategy for Internet Security
In the Digital Agenda Platform a background document on the European Strategy for Internet Security is published, and it is open for online...
Flame Burns Right Through Windows Application Security blog.checkmarx.com
Learn more about the latest virus Flame, and how implementing...
Most Popular Discussions
Should there be a minimum standard for who is allowed to be a chapter leader?
While I am a big believer in being OPEN, I am equally a believer that OWASP needs to protect its brand and therefore there should be ...

OWASP Marketing RFP
OWASP Community Members,
With the assistance of the Global Connections Committee, we are currently soliciting proposals to help OWASP ...
OWASP Marketing RFP - 5/24/2012 - Google Docs docs.google.com

Again a terrific post on how to deliver buffer overflows through custom tools: http://blog.elusivethoughts.org
Getting into the dark world of payload delivery....
Any Elusive Thoughts? securityhorror.blogspot.com
Intro: It is really annoying not being able to learn basic information about penetration testing without struggling to locate the proper information. This post is about delivering the payload the proper way; the bible says...

Any good examples of XSS JSON vulnerabilities?
I have quickly gone over the OWASP XSS documentation but I was wondering if anyone has found additional good resources specific to JSON ...

Checking Out Backdoor Shells resources.infosecinstitute.com
Remote File Inclusion In this write-up, we will be talking about PHP backdoor shells since most websites are coded in PHP. Below is a simple PHP code that is very popular and is scattered all over the web (...

Flame Burns Right Through Windows Application Security blog.checkmarx.com
Learn more about the latest virus Flame, and how implementing Application Security via Static Code Analysis could have prevented...

HALOCK and CDGI Launch “Security Integrated,” a New Model for Hosting Facilities and Data Centers. Chicago’s only PCI Compliant data center with a comprehensive and fully integrated security lab. HALOCK Security Labs and Cyber...

Mutillidae is a free and open source web application for website penetration testing and hacking which was developed by Adrian “Irongeek” Crenshaw and Jeremy “webpwnized” Druin. It is designed to be exploitable and vulnerable...

Compliance standards for application security
With so many compliance standards in existence, trying to find out the ones that are most applicable to AppSec.
Which compliance standards do you think are relevant to application security and why? polls.linkedin.com

Security Assessment Specialist / Audit - London - Up to £52,500 + Excellent Bens (20% pension, 30 days annual leave, Private Health Care,...
Proprius Recruitment propriusrecruitment.com
IT Security Assessment Specialist Benefits: Excellent Banking Benefits + Bonus Details: IT Security Assessment Specialist required for as a technical security lead in IT for the Audit department. You will have strengths in...
