Web Application Security
Re: Shameless plug: OWASP Board Elections Oct 22 2014 05:53PM
Brian Zaugg (bzaugg authentic8 com) (1 replies)
Re: Shameless plug: OWASP Board Elections Oct 24 2014 08:35PM
Seth Art (sethsec gmail com) (1 replies)
Robin,

Thanks so much for the kind words about my talk. I gave an extended
version of my talk this past weekend at BSidesDC, and the video just
posted a few hours ago: https://www.youtube.com/watch?v=v5DIcAtnKRU.
The BSidesDC version includes a demo at the end which will hopefully
give people an idea of what is required to go from finding this
vulnerability to exploiting it.

Back to the real point of this thread: I also would love for this list
to become more active. It is one of the very few mailing lists that I
allow to go right to my inbox without a filter. :)

I think your recommendation is key -- The best way to make the list
more useful is to actually use it more. I pledge to do the same as you
-- to use this list as a resource whenever possible.

One last thought - Since this list is currently at such a low volume,
and Andrew has expressed that although he is the moderator, he does
not have full control: Should we use this opportunity to reboot and
move this list? Turn it into a google group managed list or something
similar. We could even take the web part out and call it appsec in a
move to include the mobile application people/topics, since they are
usually so similar.

Or should we just stick to the simple plan and try to revive this list
and keep the history intact? I just looked and this list was pretty
crazy back in 2004, 2005!

http://seclists.org/webappsec/

Regards,

Seth

On Wed, Oct 22, 2014 at 1:53 PM, Brian Zaugg <bzaugg (at) authentic8 (dot) com [email concealed]> wrote:
>
> Hear! Hear! I like the idea of making the list more active and useful.
> And, a good article on cross-domain policy and CSRF is a great start.
>
> Brian
>
> >
> > On Tue, Oct 21, 2014 at 9:01 AM, Robin Wood <robin (at) digi (dot) ninja [email concealed]> wrote:
> >>
> >> Hi
> >> I'd love to see the list going again and getting more use. I think my
> >> reason for not using it is that it isn't being used so I forget about
> >> it, it needs traffic to gain some traction and remind people it
> >> exists.
> >>
> >> I'll make sure that I post some questions when they come up, see if we
> >> can get it moving again.
> >>
> >> As a start, I've just watched this brilliant explanation of why an
> >> open crossdomain policy file is bad, I'd really recommend it to any
> >> app testers.
> >>
> >> http://www.irongeek.com/i.php?page=videos/derbycon4/t505-swf-seeking-lazy-admin-for-cross-domain-action-seth-art
> >>
> >> Robin
> >>
> >> PS, as I've just found out, the list doesn't like MIME encoded mails
> >> so if you are sending through Gmail make sure you set the mail to
> >> plain text. I can't find a way to do this through the Android Gmail
> >> client though so if anyone knows how please share.
> >>
> >> On 21 October 2014 03:46, Andrew van der Stock <vanderaj (at) greebo (dot) net [email concealed]> wrote:
> >> > Hi there,
> >> >
> >> > Apologies for complete self interest where the list admin (me) pushes
> >> > a personal interest (OWASP). However, I believe the Open Web
> >> > Application Security Project is on topic for the web application
> >> > security mail list, and I wouldn't normally do it (you can check -
> >> > I've been moderator since 2004), but it's important.
> >> >
> >> > Beyond the plug below - I am very interested in ways we can revitalise
> >> > this list. I don't know about you, but getting CFPs and not much else
> >> > is getting old. Please reply and discuss how we might achieve that,
> >> > because the list has become pretty moribund.
> >> >
> >> > Shameless plug-a-rama:
> >> >
> >> > Full disclosure: not only is OWASP a long standing personal interest
> >> > of mine, I'm
> >> > also standing for the Board. That said, I'm not asking you to vote for
> >> > me (although that would be lovely!), I *am* asking you to vote if you
> >> > are an OWASP member!
> >> >
> >> > For those list members who are also OWASP members, please be aware
> >> > that there was a technical issue in relation to expired members not
> >> > getting a renewal notice, and thus not getting a ballot to vote. That
> >> > issue should be resolved now. You have until the 24th to renew and
> >> > then vote. More details:
> >> >
> >> > http://lists.owasp.org/pipermail/owasp-community/2014-October/000399.html
> >> >
> >> > The election has been extended to October 31 for all electors to cope
> >> > with renewals and then give you time to make an informed vote.
> >> >
> >> > Please review the candidate interviews, and then place your vote.
> >> > Historically, our elections have been not representative of the OWASP
> >> > global membership as for whatever reason, members outside of the US
> >> > chose not to vote as often as OWASP US members. Let's get out the
> >> > vote!
> >> >
> >> > Look through these interviews, work out who are your favorite three
> >> > candidates, and vote for OWASP's future!
> >> >
> >> > https://www.owasp.org/index.php/2014_Board_Elections#2014_Board_Candidate_Interviews
> >> >
> >> > End shameless plug
> >> >
> >> > thanks,
> >> > Andrew
> >> >
> >> >
> >> >
> >> > This list is sponsored by Cenzic
> >> > --------------------------------------
> >> > Let Us Hack You. Before Hackers Do!
> >> > It's Finally Here - The Cenzic Website HealthCheck. FREE.
> >> > Request Yours Now!
> >> > http://www.cenzic.com/2009HClaunch_Securityfocus
> >> > --------------------------------------
> >> >
> >>
> >>
> >>
> >>
> >
>
>
>
>

Re: Shameless plug: OWASP Board Elections Oct 27 2014 09:26AM
Robin Wood (robin digi ninja)


 
