
Archive for the ‘Ireland Stuff’ Category

Gartner smell the bacon/tofu!!!!

Monday, February 19th, 2007

Gartner published a document titled “Impediments and Drivers of Application Security” (Feb 16th).

It contains the same message OWASP have been talking about for years: “Firewalls/IDS are not enough, Intranet is not as safe as you thought…” (Think of the enemy within: http://www.darkreading.com/document.asp?doc_id=117605&WT.svl=news1_2 )

It also says that the AppSec early adopters are the large e-business corps: companies which rely on e-business more than “over-the-counter” business, such as mutual fund banks, etc.

It also mentions that application developers must accept responsibility for security, which I think is on the right track, but PMs (Project Managers) and key business units must take this responsibility also. Factoring security into development timelines would be a nice start. :)

Relying on outsourced development is not good. One should require security as part of the functional spec.

Bottom line: Integrate security into the Software Development Lifecycle. Perform security tests as part of unit and functional testing.

Wakey, wakey, if Gartner say it then it must be true!!!

 

OWASP Testing Guide v2.0

Thursday, January 11th, 2007

Hello again, Eoin here,

The new OWASP Testing Guide has been completed and shall be on official release on the 10th Feb.

You can get a sneak preview on the OWASP site:

http://www.owasp.org/index.php/OWASP_Testing_Project

So it has taken a long time to get this far. Kudos to the AoC initiative, as without the AoC we (OWASP) would not have had as much energy to complete this massive task.

The AoC technical Lead was Matteo Meucci (Italy) and fair play to him for digging in, but also fair play to everyone else, you know who you are.

-ek

OWASP Live CD

Tuesday, January 2nd, 2007

The OWASP Live CD is an OWASP initiative aimed at producing a physical artifact for use by security persons. It should be released very soon and shall contain plenty of OWASP tools and other open source tools. It shall also contain electronic versions of the OWASP guides currently published, namely The Guide (development guide) and the testing guide (to be released this month).

Anyone attending the next OWASP Ireland chapter meeting can get a free copy of the Live CD. Meeting TBA.

-ek