OWASP Newsletter 11

OWASP Newsletter #11 (18-Jan-2008)
Welcome to the 11th edition of the OWASP Newsletter, featuring the 2008 Australia Conference, the AntiSamy Project and the Secure Application Development Course 2008.

First of all, I would like to introduce myself as OWASP’s new Operations Director. I began working with OWASP on November 26, and will be in charge of all administrative operations. This will include handling all of the memberships, assisting with the planning and coordination of OWASP conferences, managing OWASP’s bookkeeping and assisting with any issues as they arise. I will also be in charge of writing and posting the OWASP Newsletter. We hope to eventually get these out on a weekly basis.

I would also like to welcome our newest OWASP Chapter located in Minneapolis. Kuai Hinojosa is the chapter lead.

As always, if you have any content to add to the next edition, please feel free to add it directly to its WIKI page OWASP Newsletter 12.

Alison McNamee - OWASP Operations Director - Alison.mcnamee@owasp.org

Featured Item: 2008 Australia AppSec Conference
The 2008 Australia AppSec Conference is fast approaching. The conference will be held on February 27th – 29th at the Gold Coast Convention Centre in Queensland, Australia, and will include a Conference Training day on the 27th and Conference Presentations on the 28th and 29th. Mark Curphey, the original founder of OWASP, will be speaking, as well as a number of other industry experts from all around the world. The conference will also include a Vendor Exhibition, Welcome Cocktail Party and Gala Dinner.

The early registration discount has been extended to January 25th, so be sure to register before then to take advantage of the savings.

To view the agenda, go to: http://www.owasp.org/index.php/OWASP_Australia_AppSec_2008_Conference/Agenda

Featured Project: AntiSamy Project
Arshan Dabirsiaghi, a Senior Security Analyst for Aspect Security, introduced his AntiSamy project at the OWASP San Jose AppSec Conference in November 2007. The AntiSamy project is an API for ensuring that user-supplied HTML/CSS complies with an application's rules.

You can read more about the AntiSamy project, and learn the 4-step process for integrating AntiSamy, at: http://www.owasp.org/index.php/Category:OWASP_AntiSamy_Project

Featured Event: Secure Application Development Course 2008 (Belgium, March 3-7)
A week-long intensive secure application development course on 2 tracks. It focuses on the following topics: mainstream security technologies, security-related requirements, secure application architectures, cost-effective security features, coding vulnerabilities and assurance. OWASP members receive a 10% discount off the 2,750 € rate.

Visit http://secappdev.org/ for all the details and to register online.

New Pages

 * Securing cookie to one IP

Updated pages
Updated chapter pages:
 * Minneapolis St Paul
 * Jordan

Other pages:
 * OWASP News 2007
 * Archived Application Security News
 * Application Security News

New Documents & Presentations from chapters
For a complete list of chapter presentations see the online table of presentations.

OWASP references in the Media

 * Build secure Web applications with OWASP
 * Best Practices to Secure your Code