Christian Edjenguele

Open Web Application Security Project (OWASP)

2011-01-11T03:03:00.000-08:00

* Subject: For Immediate Release: 10 Jan 2011

The OWASP Global Summit is the place where application security experts from around the world will meet to discuss progress, plans, projects and new solutions for the future of the application security.

What option will you choose to show your support at the Global Summit?

Full details: http://sl.owasp.org/summitsupport

* Sponsored Villa 10k
* Meeting Room Sponsorship 6k
* Projector Sponsorship 2k
* Lunch Sponsorship 2k
* Happy Hour/ Social Session Sponsorship 2k
* Dinner Sponsorship 4k

ACT NOW Space is limited - Contact Tom Brennan 973-202-0122 for more information about opportunities or click here: http://www.owasp.org/index.php/Summit_2011_FAQ for other FAQ
original Post By Tom Brennan

CFP - Security Byte & OWASP AppSec ASIA 2009

2009-07-07T10:04:00.000-07:00

Securitybyte & OWASP AppSec Asia Conference is a forum where Ethical Hackers, Practitioners, Researchers, and Developers in Information Security field, gathers to showcase and exchange new Researches, Innovations, Practical ideas and Experiences. If you are developing, researching, or implementing practical solutions to protect Corporate or Government Information Infrastructures, please consider sharing your experience and expertise at this conference.

First round of CFP submission is July 30th, 2009.
Send your interest and submissions to cfp@securitybyte.org

For any Speaking query, please contact us at speakers@securitybyte.org

We are seeking submissions for both Two days Conference Track & Post conference two days Training workshops in the following areas:

Conference Tracks (17 – 18 Nov, 2009)
You can submit your response for any the following three conference tracks

* CT 1 - Application, Database & Web Security
* CT 2 - Infrastructure Security (Network / Wireless/ Bluetooth / Malware / Forensics / Cyber- terrorism / Physical Security / Information warfare etc.)
* CT 3 - Risk Management / Compliance

SF.net Community Choice Awards 2009

2009-05-06T11:03:00.000-07:00

Nominate OpenSQLi-NG for the SF Community Choice Awards 2009, for the following categories:

Best New Project

Best Tool or Utility for Developers

OpenVAS Developer Conference #2 (July 9th - 12th) - WorkShop

2009-04-29T09:44:00.001-07:00

a one day workshop (July 8th 2009) prior to the
OpenVAS Developer Conference #2 (July 9th - 12th)
will be conducted for OpenVAS users.

The following topics will be covered:

1. OpenVAS architecture
2. Installation of OpenVAS on Linux systems
3. OpenVAS scanning
OpenVAS features
Creation of policies and running the scan
Credentiated and Credential less scanning
The OpenVAS knowledge base
Logs
Scanning different network devices: Windows, Unix
Reports
4. OpenVAS Administration
5. Writing NASL plugins
6. OpenVAS integrated tools

Price: EURO 300,-

The money will be utilized to cover the travel costs for students and other
private OpenVAS developers to join the OpenVAS developer's conference.

The workshop is held in english language by Chandrashekhar B of the
company SecPod (India). SecPod will not charge for this and so
100% of the money will help to physically gather a forceful developers
team to prepare for OpenVAS 3.0.

If you are interested and willing to register, please send a mail to
openvas-devcon@intevation.de at the earliest confirming your attendance.

Details on the workshop will also be updated here:
http://www.openvas.org/openvas-devcon2.html

OWASP AppSec DC 2009 Conference Call for Papers

2009-04-28T11:37:00.000-07:00

Hello,

OWASP is currently soliciting papers for the OWASP AppSec DC 2009
Conference that will take place at the Walter E. Washington Convention
Center in Washington, DC on November 10th through 13th of 2009. There
will be training courses on November 10th and 11th followed by plenary
sessions on the 12th and 13th with each day having at least three
tracks. AppSec DC may also have BOF, break out, or speed talks in
addition to the standard schedule depending on the submissions we receive.

We are seeking people and organizations that want to present on any of
the following topics (in no particular order):
- Business Risks with Application Security.
- Starting and Managing Secure Development Lifecycle Programs.
- Web Services-, XML- and Application Security.
- Metrics for Application Security.
- Application Threat Modeling.
- Hands-on Source Code Review.
- Web Application Security Testing.
- OWASP Tools and Projects.
- Secure Coding Practices (J2EE/.NET).
- Privacy Concerns with Applications and Data Storage
- Web Application Security countermeasures
- Technology specific presentations on security such as AJAX, XML, etc.
- Anything else relating to OWASP and Application Security.

To make a submission you must include :
- Presenter(s) name(s)
- Presenter(s) Email and/or Phone number(s)
- Presenter(s) bio(s)
- Title
- Abstract
- Any supporting research/tools (will not be released outside of CFP
committee)

Submission deadline is June 15th 2009 at 11:59 PM Eastern Standard
Time. Submit Proposals To mark.bristow(at)owasp.org with the subject
line "APPSEC DC CFP SUBMISSION" (an automated filter is used).
Additional information can be found in the FAQ.

Conference Website: https://www.owasp.org/index.php/OWASP_AppSec_DC_2009
FAQ: https://www.owasp.org/index.php/OWASP_AppSec_DC_2009_-_FAQ
CFP w/ FAQ: http://www.owasp.org/images/6/65/AppSec_DC_2009_CFP.pdf

Please forward to all interested practitioners and colleagues.

Regards.

The OpenSQLiNG project starts

2009-04-26T02:26:00.000-07:00

I'm glad to announce the start, of the next generation open source sql injection tool, see the project page page for details at: http://opensqling.sourceforge.net/

Database Environment : Project is a database abstraction layer (API)
Intended Audience : Advanced End Users, Developers, System Administrators
License : GNU General Public License (GPL)
Operating System : OS Independent (Written in an interpreted language)
Programming Language : Java, Jython
Topic : Security
Translations : English
User Interface : Command-line, Web-based, Plugins

Summary

OpenSQLi-NG (pronounced Open SQLi N-G) is the next generation open source sql injection tool, build upon a powerful Client/Server plugins-based architecture, It silently test and exploit (on-demand) SQL injections conditions, its core features are DBMS fingerprint, database enumeration and the operating system commands execution. it's coded in python with java class libraries, this makes it completly OS-independent. a Web-Interface will also be available.
Note that this is only the engine of a big vulnarability scanner that I'm planning to implement.

Website unavailable

2009-04-25T03:45:00.000-07:00

just to inform my website http://christian.africa-web.org is unvailable due to a server problem.
thanks for your patience.

Network Vulnerabity Check for the OpenVAS platform

2009-04-22T11:49:00.000-07:00

Network Security Tests contribution for the OpenVAS Project, this just a few list:
NASL source code are released under the GNU GPL license, and are freely available on Developer Platform

remote-ApacheOfbiz-htmlInjection.nasl
remote-detect-ApacheOfbiz.nasl
remote-detect-filemaker.nasl
remote-detect-filemaker-pwd-disclosure.nasl
remote-detect-firebird.nasl
remote-detect-MDNS.nasl
remote-detect-MSdotNET-version.nasl
remote-detect-Opentaps_ERP_CRM.nasl
remote-detect-sybase-easerver-mgmt.nasl
remote-detect-sybase-easerver.nasl
remote-detect-WindowsSharepointServices.nasl
remote-MS00-006.nasl
remote-MS00-058.nasl
remote-MS00-060.nasl
remote-MS00-078.nasl
remote-MS03-018.nasl
remote-MS03-022.nasl
remote-MS03-034.nasl
remote-MS03-051.nasl
remote-MS04-011.nasl
remote-MS04-017.nasl
remote-MS05-004.nasl
remote-MS06-033.nasl
remote-MS06-056.nasl
remote-MS07-040.nasl
remote-Opentaps-htmlIjection.nasl
XRMS_CVE-2008-3664.nasl

OpenVAS Developer Conference #2 (July 9-12 2009)

2009-04-08T12:52:00.000-07:00

The second OpenVAS developer conference takes again place in Osnabrück, Germany. This page summarizes the current state of planning.

Attention: User's Workshop planned: Workshop on OpenVAS administration and deployment on the day prior to the conference: July 8th 2009. Costs will be reasonable and the money spend to cover travel costs for students and other private OpenVAS developers. Please express your serious interest to openvas-devcon@intevation.de.

Agenda:

This is a collection of thoughts discussed on the mailing list openvas-discuss. Please involve yourself there to express your ideas or needs.

A major goal is derive a master plan for the next 12-24 month of development.

* review the past 2 years of progress
* plan future features
o Walkthrough of all the pending CR's
* discuss core designs (towards OpenVAS 3.0)
o OIDs: final layout and assignment procedure
o how to get rid of the opevas-plugins module
o replace the current internationalization concepts in nasl/server with a solution by standard technologies
o OVAL with OpenVAS
* discuss how to extend NVT coverage
* discuss whether and how to retire NVTs
* discuss professional services and how they relate to project
* meet the members of the OpenVAS mailing lists in real life and have a beer (or other beverages)

Place:

Intevation GmbH kindly hosts the developer conference at their offices:
Neuer Graben 17
49074 Osnabrück
Germany

Note for attendies of the DevCon1: Intevation moved to new offices in 2008 which are around 5 minutes walking distance from the ones where DevCon1 took place.

Accomodation:

Intevation will take care of hotel reservations. Please include your preferences with the expression of interest for attending.

How to attend:

Please let us know on the openvas-discuss mailing list or directly to openvas-devcon@intevation.de whether you like to attend.

Event page: http://www.openvas.org/openvas-devcon2.html

OWASP NYC AppSec 2008 Conference

2008-06-26T10:28:00.000-07:00

Management, Developers, Security Professionals – can only result in one thing…… better security.

http://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference Sept 22nd-25th 2008

OWASP Community

2008-06-19T09:03:00.000-07:00

Hi guys, I have just join the OWASP Foundation(Open Web Application Security Project)

Some white papers on web application security

2008-05-27T06:29:00.000-07:00

Interesting white papers and articles, can be found on Acunetix Web Site

Some interesting articles in IT Security

2008-05-23T08:36:00.001-07:00

www.phrack.com

IT Security and more, white papers

2008-05-23T07:38:00.000-07:00

Tradepub.com

Hacking Manual

2008-05-23T07:18:00.000-07:00

A Nice Hacking blog