ZDNet Dictionary Definition
- OWASP
- Open Web Application Security Project: An organization founded by Mark Curphey in 2001 to help make open source software secure. With member communities around the world, OWASP projects...
ZDNet Resources
- OWASP gets Fortify-ed (Now with 45% more security)
- OWASP & PCI & Fortify discussed at pciFile.ORG. We are fans of Fortify over at pciFile. Good tool that can be used as an effective compensating control for a number of PCI Requirements. To see more discussion on PCI - go to the PCI...
- Tags: PCI, Fortify-ed, OWASP, security
- Discussion threads 2006-07-31
- OWASP gets Fortify-ed (Now with 45% more security)
- Fortify Software, which identifies and remediates software vulnerabilities, has contributed its collection of 115 types of software security errors to the Open Web Application Security Project (OWASP), a six-year-old non-profit with almost 5,000 members whose “mission is to find and fight the causes of insecure software.” The work will...
- Tags: OWASP, Fortify
- Blog posts 2006-07-31
Additional Resources
- The empty debate over open source security
- All Code Insecure. Go browse OWASP. This article really doesn't say much of anything. Inherently Insecure Open Source! - COX. My rep almost lost his appetite as he told me about all of the years old Open source viruses! He described it as a boiling over sewer...
- Tags: open source security, open source
- Discussion threads 2008-08-01
- 2008 Pwnie Award nominees announced
- Well, after getting 134 nominations, and spending countless hours pulling out nominees, the judges for the 2008 Pwnie Awards have announced the final nominees to be voted on. From the site: The final list of nominees for the nine Pwnie Award categories is ...
- Tags: Nominee, Vulnerability, XSS, Attack, Flaw, Dan, XSS Flaw, Lifelock, Security, Nathan McFeters
- Blog posts 2008-07-21
- Security is hard, accept it
- * Ryan Naraine is on vacation. Guest editorial by Dr Jose Nazario. The past 10 or 15 years have been about the same things, largely, over and over again: input problems into single system applications or kernels. Buffer overflows (splitvt! NCSA...
- Tags: Security, Ryan Naraine
- Blog posts 2008-07-10
- Kaminsky and Ptacek comment on DNS flaw
- Well, well, well, what a day for security news! I got a chance to get the scoop word of mouth from Dan Kaminsky of IOActive (pictured above [image courtesy of quinnums]) and Thomas Ptacek of Matasano (pictured below) on the DNS flaw that's been all over the...
- Tags: DNS, Flaw, Nate, Domain Names, Networking, Security, Internet, Nathan McFeters
- Blog posts 2008-07-08
- News to know: Searching Silverlight; IE 8; Dell; Google vs. YouTube
- Notable headlines: Mary Jo Foley: Microsoft: Silverlight content searchable, too; Ryan Stewart: Brian Goldfarb talks about Silverlight 2 and Deep Zoom with Michael Coté; LineRider releases a Silverlight 2 version; Microsoft steps up self-policing of its OSI-approved source licenses ...
- Tags: Apple iPhone, Security, Google Inc., Dell Computer Corp., Microsoft Silverlight, Mobile, YouTube Inc., Microsoft Internet Explorer, Microsoft Corp., Linux, UNIX, Keyboards, Operating Systems, Advertising & Promotion, Open Source, Software, Hardware, Peripherals, Marketing, Larry Dignan
- Blog posts 2008-07-03
- PCI-DSS 1.1 points to outdated OWASP Top 10
- OK, I'm not going to freak out about this too bad... I've already pointed out enough problems with PCI, but I did find it morbidly entertaining. My good friend Jeremiah Grossman (pictured at right) blogged today about the PCI-DSS 1.1 section 6.5, which covers "prevention of common coding vulnerabilities in...
- Tags: XSS, PCI, Security, Storage, Hardware, Nathan McFeters
- Blog posts 2008-07-02
- 90% of all statistics can be made to say anything... 50% of the time, aka my thoughts on the Verizon report
- How many breaches from External...sources were facilitated by poor practices of inside sources? Weak passwords, poor surfing habits, poor security implementations, etc. External breaches only occur when an insider allows it to...
- Tags: Firewalls, SECURITY, NETWORKING, Network security, Verizon Communications Inc., WAF
- Discussion threads 2008-06-23
- Morse Code Rickroll 0-day... no, seriously, I mean it
- In the security research world, getting Rickrolled has become a global epidemic. If you've been to any of the recent conferences, you're sure to have been Rickrolled at least once... if you were fortunate enough to be at ToorCon Seattle, then you got Rickrolled about 300 times by Dan Kaminsky....
- Tags: Morse Plc., I/O, XSS, Encryption, Security, Nathan McFeters
- Blog posts 2008-05-04
- Security expert discusses a possible future for PCI-DSS... it's grim
- Jeremiah Grossman discussed some recent comments about section 6.6 of the PCI standard made by Standards Council General Manager Bob Russo in a recent Information Security magazine article. I found a lot of thoughts I share with Grossman. Grossman says: I have a love-hate relationship with PCI-DSS. Love it...
- Tags: Security, PCI, Web Application, Application Firewall, Security Expert, Jeremiah Grossman, Ruso, Firewalls, Networking, Nathan McFeters
- Blog posts 2008-04-14
- Microsoft 'Oxygen' security-management platform in the works
- Microsoft has hired security expert Mark Curphey, the former Chief Technology Officer of SourceClear, who is bringing with him to Microsoft the "Oxygen" security platform and security-lifecycle applications he had been developing. Curphey is joining the company as a member of the Application, Consulting and Engineering (ACE)...
- Tags: Oxygen, Microsoft Corp., Curphey, Security, Mary Jo Foley
- Blog posts 2007-10-09
- Use the revised OWASP Top Ten to secure your Web applications -- Part 8
- In this final installment in the revised Open Web Application Security Project (OWASP) Top 10 series, the final three vulnerabilities are explored: insecure cryptographic storage, insecure communications, and failure to restrict URL access. Tom Olzak explains the nature of these weaknesses followed by recommendations for protecting Web applications from...
- Tags: Web Application, Tom Olzak
- Download resources 2007-06-13
- Use the revised OWASP Top Ten to secure your Web applications - Part 7
- The seventh installment in the 2007 OWASP Top 10 series takes a look at broken authentication and session management vulnerabilities. Tom Olzak explains the nature of this weakness followed by recommendations for protecting Web applications from attacks related to this security problem. This download is also available...
- Tags: Web Application, Tom Olzak, Security
- Download resources 2007-06-06
- Use the revised OWASP Top Ten to secure your Web applications -- Part 6
- Vulnerability six in the 2007 OWASP Top Ten is Information Leaking and Improper Error Handling. Typically caused by verbose errors, attackers exploit this weakness to obtain information about the target system's software and hardware architecture. In this, the sixth in a series on the revised OWASP Top Ten Web Application...
- Tags: Web Application
- Download resources 2007-05-10
- Use the revised OWASP Top Ten to secure your Web applications -- Part 5
- Insecure direct object access and cross site request forgery (CSRF) are serious flaws found in many Web applications. In fact, some hackers say that there isn't a Web site on the Internet that isn't vulnerable in some way to CSRF. In this, the fifth in a series on the revised...
- Tags: Web Application
- Download resources 2007-04-18
- Use the revised OWASP Top Ten to secure your Web applications -- Part 4
- Malicious file execution is one more weakness caused by failing to control application input. In this, the fourth in a series on the revised OWASP Top Ten Web Application Vulnerabilities, Tom Olzak explains the nature of malicious code execution followed by recommendations for protecting Web applications from related attacks. Coding...
- Tags: Web Application, Execution, File Execution
- Download resources 2007-04-02
- Use the revised OWASP Top Ten to secure your Web applications -- Part 3
- Injection flaws, specifically SQL injection vulnerabilities, can present the greatest business risk in a Web application environment. In this, the third in a series on the revised OWASP Top Ten Web Application Vulnerabilities, Tom Olzak explains the nature of injection flaws and SQL injection attacks and then makes recommendations for...
- Tags: Web Application, SQL Injection, Security
- Download resources 2007-03-23
- Use the revised OWASP Top Ten to secure your Web applications -- Part 2
- Cross site scripting (XSS) vulnerabilities are normally found in Web applications in which code injection is allowed. It is the most common Web application vulnerability. Scripts exploiting this weakness can cause serious problems for home and business users. In this download, Tom Olzak explores the types of cross site scripting...
- Tags: XSS, Web Application
- Download resources 2007-03-05
- Lock it down: Use the revised OWASP Top Ten to secure your Web applications -- Part 1
- For the first time since 2004, the Open Web Application Security Project (OWASP) is updating its Top 10 Vulnerabilities list. As a supplement to a previously published TechRepublic article on the 2004 OWASP Top 10, this is the second in a series of articles in which Tom Olzak explores the...
- Tags: TechRepublic Inc., Environment, Article, Web Application
- Download resources 2007-02-15