February 2016 Community News Flash
In this Issue
- FUNDING: Let's Talk About Funding and Plan for 2016
- PROJECTS: Announcing GSoC 2016, New Releases from OWASP ZSC, ESAPI, WebGoat 7, and a ZAP User Survey
- CHAPTERS: New Chapters, Leader Transitions, Meeting Ideas for 2016
- EVENTS: AppSec Europe and Other Upcoming Local and Regional Events
- RESOURCES: List of Resources in this Issue

---------------------------------------------------------------------

FUNDING
Let's Talk About Funding and Plan for 2016

Get ready to share the OWASP vision and spread application security awareness. This January the OWASP Board released 33,000 to 65 Chapters. This is an incredible opportunity for formerly underfunded chapters to plan for the coming year.

Join Community Manager Noreen Whysel and Projects Coordinator Claudia Aviles-Casanovas in an online discussion of Funding Ideas for 2016. We will be dialing in to GotoMeeting on February 12 and February 16. The call will be recorded if you are unable to attend.

There will be two calls:
- Fri, Feb 12, 2016, 12:00 PM - 1:00 PM EST
- Tue, Feb 16, 2016, 8:00 AM - 9:00 AM EST

Call details: https://docs.google.com/document/d/1mLqBQcQvxYeaefQpGfsyoK4CxMoqScEJEx90c9qsnbA/edit?usp=sharing

---------------------------------------------------------------------

PROJECTS
Announcing GSoC 2016, New Releases from OWASP ZSC, ESAPI, WebGoat 7, and a ZAP User Survey

Got an Idea for Google Summer of Code 2016?
The time of the year has come to propose ideas for GSoC 2016. We haven't been selected yet, but we need to populate this list of ideas as part of the organization application process. We have created a list here: https://www.owasp.org/index.php/GSOC2016_Ideas
We have removed last year's ideas and only left some as example ideas. Please add more ideas to this list as you wish. You should put your ideas down before the application deadline, i.e. before February 19th.
You will be able to add more ideas after the deadline, but we would like to present to Google as many ideas as possible.

OWASP ZSC
We are preparing to start developing a powerful obfuscation tool, OWASP ZSC, and are looking for volunteers to contribute to the project.

OWASP ZSC Project
OWASP ZSC is open source software written in Python which lets you generate customized shellcodes and convert scripts to obfuscated scripts. It runs on Windows/Linux/OSX under Python.

Usage of shellcodes
Shellcodes are small pieces of assembly code which can be used as the payload in software exploitation. Other uses are in malware, bypassing antiviruses, obfuscated code, etc.

Usage of obfuscated code
It can be used for bypassing antiviruses, code protection, and similar purposes.

Why use OWASP ZSC?
Compared with other shellcode generators such as the Metasploit tools, OWASP ZSC uses new encodings and methods which antiviruses won't detect. OWASP ZSC encoders are able to generate shellcodes with random encodings, which lets you get thousands of new dynamic shellcodes that do the same job in just a second. This means you will not get the same code twice if you use random encodings with the same commands, which makes OWASP ZSC one of the best. It is also going to generate shellcodes for other operating systems in the next versions. It's the same story for code obfuscation.

There are more details about how it works, user guides, and information on how to develop. The complete developer and user guide documents are available for download on Gitbook. Developers can add new features, and if you don't have an idea but would like to develop, you can find the issues that need to be fixed or added in the project's issue list. After you fix, add or develop something, please send your pull request, and remember that your code must be compatible with python2 and python3. If you have any questions you can open an issue or just mail us. Do not forget to register on our mailing list.
If there are any questions, you can submit them as issues on GitHub, mail us, or contact the project leaders directly:
- ali.razmjoo@owasp.org
- johanna.curiel@owasp.org
- owasp-zsc-tool-project@lists.owasp.org

URLs:
- OWASP Page: https://www.owasp.org/index.php/OWASP_ZSC_Tool_Project
- Github: https://github.com/Ali-Razmjoo/OWASP-ZSC
- API: http://api.z3r0d4y.com
- Documents on Gitbook: https://www.gitbook.com/book/ali-razmjoo/owasp-zsc
- Tricks: http://zsc.z3r0d4y.com/blog/archives
- Issues: https://github.com/Ali-Razmjoo/OWASP-ZSC/issues
- Mailing List: https://lists.owasp.org/mailman/listinfo/owasp-zsc-tool-project

WebGoat v.7
WebGoat v.7 released. Listen to our podcast as Bruce Mayhew explains the new version. The WebGoat Project started 10 years ago and has had over 1,000,000 downloads. Version 7.0 is being released this week. Matt Miller caught up with Bruce Mayhew, project lead, to talk about the history of the project, what has been updated in version 7, and what he foresees as the future of this project.
Project Page: http://www.owasp.org/index.php/Category:OWASP_WebGoat_Project

New ESAPI Release
ESAPI project co-leader Kevin Wall announced his team has just tagged and signed a new ESAPI release. The tag name is esapi-2.1.0.1. There are 36 GitHub issues that were closed. You can find full details at https://github.com/ESAPI/esapi-java-legacy/blob/master/documentation/esapi4java-core-2.1.0.1-release-notes.txt

Note that there are also some important changes made to the GitHub repo itself. Specifically, we have chosen to adopt a git workflow based on this blog, http://nvie.com/posts/a-successful-git-branching-model/, where all the new development work will be done on the 'develop' branch and the 'master' branch will henceforth reflect the latest official ESAPI release. To accommodate this:
- The 'develop' branch has now been made the DEFAULT branch.
- The 'master' branch has now been made a PROTECTED branch.
Chris Schmidt will be uploading this to Maven sometime later this day, probably once he's through with his day job. Lastly, a special shout-out to Matt Seil and Jeremiah Stacey for their help with Git and some nasty JUnit concurrency issues.

ZAP User Survey
Please help us to make OWASP ZAP even better for you by answering the ZAP User Questionnaire: https://docs.google.com/forms/d/1-k-vcj_sSxlil6XLxCFade-m-IQVeE2h9gduA-2ZPPA/viewform

A Call for Comments on the OWASP Projects Handbook update is now open. We invite project participants to visit the OWASP Projects Handbook draft on Google Docs and enter comments. You can also download a PDF version from the OWASP Projects wiki page and forward comments to Claudia Aviles-Casanovas at claudia.aviles-casanovas@owasp.org.

OWASP 24/7 Podcasts
Today the OWASP 24/7 Podcast Series released an interview, OWASP Top 10 Proactive Controls Project, with Jim Manico and Katy Anton. We hope you enjoy it. We now have 72 podcasts for your listening pleasure. Knock yourself out.
Created by Mark Miller, OWASP 24/7 Podcasts offer a great forum for getting an update on projects. Listen to interviews with project leaders at https://soundcloud.com/owasp-podcast.

---------------------------------------------------------------------

CHAPTERS
New Chapters, Leader Transitions, Meeting Ideas for 2016

New Chapters
- Burkina Faso: Michael Auras, leader (michael.auras@owasp.org)
  https://www.owasp.org/index.php/Burkina_Faso

Restarted Chapters
- Aguascalientes, Mexico: Juan Gama and Aldo Salas, new leaders (juan.gama@owasp.org, aldo.salas@owasp.org)
  https://www.owasp.org/index.php/Aguascalientes_Mexico

Leader Transitions
- Cluj, Romania: Lucian Suta and Cristian Serban, new leaders. Much appreciation is owed to Lucian Corlan, who founded the chapter last year and developed wonderful public programs on application security with local government.
  https://www.owasp.org/index.php/Cluj
- Kolkata, India: Jitendra Adhikari (Jitendra.Adhikari@owasp.org) and Tanmoy Khanra (Tanmoy.Khanra@owasp.org) join the leadership team with Krishnendu Paul. Dibyendu Sikdar is stepping down. Many thanks to Dibyendu for your service to OWASP Kolkata.
  https://www.owasp.org/index.php/Kolkata

There are many leader openings for chapters that have gone inactive, particularly in the Middle East and Africa. Go to the Volunteer page for a listing of open positions: http://owasp.force.com/volunteers/GW_Volunteers__VolunteersJobListing

New Student Chapters
- Mumbai Student Chapter: President Dhiraj Mishra, Treasurer Vipin Pal, Faculty Advisor Archana Bhide
  https://www.owasp.org/index.php/Mumbai_Student_Chapter

Learn more about our Student Chapters and Academic Supporter programs.

Restarting an Inactive Chapter
If you are interested in starting or helping to restart a chapter that has gone inactive, please review the listings at the Volunteer Opportunities page of the wiki.

If you are a current chapter leader and are having difficulty finding space, volunteers or funding to host a meeting, let me know. I can direct you to resources and funding to help you. Also keep in mind you can view your Chapter's budget and available funds at the Donation Scoreboard: https://docs.google.com/spreadsheets/d/11acTOmtmBGq6-5CIGsjlEByU8POSGqda0r23VNnhEGQ/pub?hl=en_US&hl=en_US&output=html

---------------------------------------------------------------------

EVENTS
Upcoming AppSec Events

The European OWASP Conference is going to be one of the best ever. Come to hear and share ideas with the experts, 27 June - 1 July 2016.

Read the latest news on the next OWASP AppSecEU on the conference site: http://2016.appsec.eu

Important keynote speakers will be present at the Marriott Park Hotel in Rome, Italy. Our special guest will be Charlie Miller, who will present the keynote talk "Bugs ruin everything".
In his speech, Miller will discuss some popular methods for finding vulnerabilities and why it is so difficult to spot them.

Charlie Miller is a senior security engineer at Uber ATC, a hacker, and a gentleman. Back when he still had time to research, he was the first with a public remote exploit for both the iPhone and the G1 Android phone. He is a four-time winner of the CanSecWest Pwn2Own competition. He has authored three information security books and holds a PhD from the University of Notre Dame. He has hacked browsers, phones, cars, and batteries.

The Open Web Application Security Project is an open-source project for application security. OWASP provides advice on the creation of secure Internet applications and testing guides. It boasts a strong global community with more than 45,000 participants, more than 55 corporate members and 20 academic supporters through 249 active local chapters in 6 continents and 97 countries.

More than 800 people are expected at the event, with 3 days of training followed by the 2-day conference that includes:
- Five parallel talks with focus on the OWASP core mission: Dev, Ops, Hack, CISO and Research
- Keynotes from industry leaders
- Exhibition spaces that offer innovative solutions for the needs of companies

Do not miss the opportunity to participate in this important conference, mentioned in Tripwire as a TOP 11 SECURITY CONFERENCE IN 2016.

More details on registration, program and speakers will be sent in a forthcoming communication.

Global AppSec Events
- AppSec Europe 2016, 30 June - 1 July, 2016, Rome, Italy
- AppSec USA 2016, 11 October - 14 October 2016, Washington, DC

Regional and Local Events
- Snow FROC 2016, February 18, 2016, Denver, CO
- Latam Tour 2016, April 7, 2016 - April 22, 2016, Latin America, multiple sites
- AppSec ASIA 2016, May 19, 2016 - May 22, 2016, Wuhan, China

Partner and Promotional Events
- SC Congress London, February 10, 2016, ILEC Conference Centre, London, UK.
  Register today for an exclusive OWASP Member discount of 125. Full Conference pass sells for 350. Use the discount code OWASPMEM.
- ONE2ONE SUMMIT, February 27 - February 29, 2016, Parc 55, San Francisco, CA
- CISO Middle East Summit Roundtable, February 29 - March 3, 2016, Habtoor Grand Hotel, Dubai, the UAE. OWASP members save 20% by registering with their OWASP email address and discount code OWASP2016.
- Blackhat Asia 2016, March 31 - April 1, 2016, Marina Bay Sands, Singapore
- Connected Security Expo, April 6 - April 8, 2016, Sands Expo, Las Vegas, NV
- QuBit Conference, April 12 - April 14, 2016, Grandior Hotel, Prague. OWASP members can save 10% by using their OWASP email address and discount code OWASP 2016.
- 13th Annual CISO Europe Summit Roundtable 2016, May 10 - May 13, 2016, Copenhagen Marriott, Denmark. OWASP members save 20% by registering with their OWASP email address and discount code OWASP2016.
- ONE2ONE SUMMIT, May 23 - May 25, 2016, Hotel Monteleone, New Orleans, LA. OWASP members receive a 200 USD discount on Briefings with discount code OWBR0316.
- SC Congress Toronto, June 1, 2016 - June 2, 2016, Metro Convention Center, Toronto, CN. Register today for an exclusive OWASP Member discount of 125. Full Conference pass sells for 350. Use the discount code OWASPMEM.

Watch the AppSec Conference page for updated event listings. Be sure to enter your upcoming event into the OWASP Conference Management System so we can promote it and provide assistance.

---------------------------------------------------------------------

RESOURCES
- Project Inventory: https://www.owasp.org/index.php/OWASP_Project_Inventory and https://www.owasp.org/index.php/Category:OWASP_Project
- Google Summer of Code 2016 Ideas: https://www.owasp.org/index.php/GSOC2016_Ideas
- OWASP ZSC Tool: https://www.owasp.org/index.php/OWASP_ZSC_Tool_Project
- WebGoat v.7: http://www.owasp.org/index.php/Category:OWASP_WebGoat_Project
- ESAPI Release: https://github.com/ESAPI/esapi-java-legacy/blob/master/documentation/esapi4java-core-2.1.0.1-release-notes.txt
- ZAP User Questionnaire: https://docs.google.com/forms/d/1-k-vcj_sSxlil6XLxCFade-m-IQVeE2h9gduA-2ZPPA/viewform
- Chapter Leader Handbook: https://www.owasp.org/index.php/Chapter_Leader_Handbook
- Funding Resources: https://www.owasp.org/index.php/Funding
- Donation Scoreboard - Current Chapter and Project Funding Allocations: https://docs.google.com/spreadsheets/u/2/d/11acTOmtmBGq6-5CIGsjlEByU8POSGqda0r23VNnhEGQ/pub?hl=en_US&hl=en_US&output=html
- OWASP Conference Management System: https://www.owasp.org/index.php/Owasp_Conference_Management_System

---------------------------------------------------------------------

CONTACT ME
Feel free to contact me at any time if you have a question or suggestion. To create a trackable case, please use the contact us form at http://www.tfaforms.com/308703.

Noreen Whysel
Community Manager
OWASP Foundation

Community Manager Open Hours on Slack: join the AsktheCM channel Tuesdays from 10am-Noon EDT. https://owasp.slack.com/messages/askthecm