-
WASC Beerfest 2008 @ RSA April 9th
Announcement Link: http://jeremiahgrossman.blogspot.com/2008/03/wasc-rsa-meet-up-2008.html
-
Malware honeypots wait for ’08
"An innovative malware honeypot project backed by a leading consortium of IT security experts is preparing to re-launch its global sensor network after Jan. 1 in an effort to dupe more cyber-criminals into handing over information about their latest attack methods. Project link: The Web Application Security Consortium's Distributed Open Proxy Honeypot Project, which was…
-
WASC Script Mapping Project released
Romain Gaucher writes "The Web Application Security Consortium is pleased to announce the first results of the Script Mapping project! At this stage in the project we were able to cover most of the test cases for Internet Explorer 7, Firefox 2 and Safari 3. The results can be found on the project page: http://www.webappsec.org/projects/scriptmapping/…
-
Appsec 2007 Event pictures
The WASC/OWASP event went very well as over 250 showed up. Below are some pictures of the event by a few of the attendees, including Anurag, a WASC officer. I will add some more pictures as they become available including news stories covering the event. Anurag Picture Link: http://myappsecurity.blogspot.com/2007/11/appsec-2007-pictures-of-breach-party.html Wayne Picture Link: http://picasaweb.google.com/wayne.armorize/OWASPWASC2007 GGee Picture…
-
WASC meetup on Nov 8
WASC is having a meetup in Silicon Valley in Cupertino California. If you're interested in attending visit the meetup link below and RSVP. These meetings are a good way to find out what WASC (The Web Application Security Consortium) is all about, chat with fellow security people, and drink beer. Meetup Link: http://myappsecurity.blogspot.com/2007/11/wasc-meetup-on-nov-8.html
-
OWASP & WASC AppSec 2007
"OWASP and WASC have joined forces for this year's AppSec 2007 conference being held at eBay in San Jose, CA on Nov 12-15. A huge concentration of industry leading experts will be in attendance presenting high quality web application security content. AppSec 2007 offers a unique opportunity for security professionals, software developers, and IT managers…
-
WASC Announcement: Web Application Security Scanner Evaluation Criteria Call for Participants
The Web Application Security Consortium is pleased to announce a new project "Web Application Security Scanner Evaluation Criteria (WASSEC)". Currently WASC is seeking volunteers from various sections of the community including penetration testers, scanner vendors, security researchers and also end users to contribute to the project. A brief description of the project The Web…
-
My experience at blackhat/defcon
Vegas was interesting this year to say the least. For starters I finally got to attend NOT as a vendor which I gotta say was pretty nice. Here are the talks I attended: Intranet Invasion With Anti-DNS Pinning; It's All About The Timing; Tactical Exploitation (Part 1); Dangling Pointer; IsGameOver(), anyone?; The Art of Unpacking…
-
Leaving for blackhat
I'll be leaving for blackhat shortly and site updates will slow down a bit as well as moderation of the web security mailing list. If you're in vegas and want to chat appsec, be sure to RSVP to the huge OWASP/WASC party, I'll be there with just about every other application security industry person. I'll…
-
Announcement: WASC and OWASP Joint Blackhat Vegas Party
This year OWASP and WASC have decided to have a joint party at Blackhat vegas. I’ll be there with many of the other appsec industry people. RSVP if you want to attend!
-
WASC Announcement: Distributed Open Proxy Honeypot Project Data Released
The Web Application Security Consortium (WASC) is pleased to announce the initial release of data collected by the Distributed Open Proxy Honeypot Project. This first release of information is for data gathered from January – April, 2007. During this timeframe, we had 7 internationally placed honeypot sensors deployed and sending their data back to our…
-
WASC Meetup at JavaOne (San Francisco 2007)
WASC is organizing a Meet-Up during the JavaOne Conference (May 8-11 @ San Francisco Moscone Center). As usual this will be an informal gathering. No agenda, slide-ware, or sponsors. We’re expecting maybe 10-20 like minded webappsec people to share some food, drinks, and stimulating conversation. Everyone is welcome and it should be a really fun…
-
WASC-Articles: ‘The Importance of Application Classification in Secure Application Development’
The Web Application Security Consortium is proud to present ‘The Importance of Application Classification in Secure Application Development‘ by Rohit Sethi. In this article Rohit describes the importance of Application Classification during the secure development process. Article Link: http://www.webappsec.org/projects/articles/041607.shtml
-
WASC Beerfest in Silicon Valley
Jeremiah Grossman sent this out to the web security mailing list today. "Normally we hold WASC Meet-Ups during large conferences (RSA/ BlackHat) where a lot of web application security people are at the same place at the same time. Around the S.F. Bay Area there's enough webappsec people that we no longer need that excuse.…
-
WASC Threat Classification Project – Call for Participants
"I’m sending this email to the list seeking people to contribute towards The Threat Classification Version 2.0. Time has passed since the initial TC release, and it’s important to keep this widely utilized document up to date. Project Homepage http://www.webappsec.org/projects/threat/ Interested participants can contact ‘contact_@_webappsec.org" Announcement Link: http://www.webappsec.org/lists/websecurity/archive/2007-03/msg00041.html
-
WASC RSA Meet-up
This year's RSA Conference is being held at the San Francisco Moscone Center [2] (February 5 – 9) and every year, for the past couple years, we've coordinated an informal WASC Meet-Up. Usually about 20 or so people in the web application security community show up to have some fun sharing drinks, appetizers, conversation, and…
-
WASC-Announcement: Capturing and Exploiting Hidden Mail Servers
The Web Application Security Consortium is proud to present 'MX Injection: Capturing and Exploiting Hidden Mail Servers' written by Vicente Aguilera Diaz of Internet Security Auditors. In this article Vicente discusses how an attacker can inject additional commands into an online web mail application communicating with an IMAP/SMTP server. Article Link: http://www.webappsec.org/projects/articles/121106.shtml
-
WASC Beerfest in Silicon Valley
Jeremiah Grossman sent this out to the web security mailing list today. "Normally we hold WASC Meet-Ups during large conferences (RSA/ BlackHat) where a lot of web application security people are at the same place at the same time. Around the S.F. Bay Area there’s enough webappsec people that we no longer need that excuse.…
-
The Web Application Firewall Evaluation Criteria v1 Released
The Web Application Security Consortium is pleased to announce v1.0 of The Web Application Firewall Evaluation Criteria. WAFEC is a result of a collaboration between web application firewall vendors and independent security professionals to create a comprehensive, vendor-neutral, web application firewall evaluation criteria.
-
OWASP vs WASC
CMP Media has written a nice comparison chart between WASC (an organization I co-founded 🙂) and OWASP. While I may not agree with everything in this article, it does clearly outline a few key points between the two organizations. However I *don't* agree with the following: "Two organizations promise to help. The Open Web…
-
Web Application Security Consortium (WASC) releases ‘Threat Classifications’ document
WASC has released a web security 'Threat Classifications' document that attempts to help clarify some of the terms used in web security (such as xss, session fixation, insufficient authorization, etc…). Additional information can be found at the link below. http://www.webappsec.org/threat.html
-
Web Application Security Consortium group formed
A new web security group called The Web Application Security Consortium announced itself today. This group will release documents, and form projects to help address some of the issues in web security. The first release by this group is the "Web Security Glossary", an index of all common terminology involving web application security. " The…