Published: March 30th, 2009 | Category: Security Tools, Security Vulnerabilities | (0) Comments
Tools:
Tunneling data via VoIP – highdatasecurity.com
OWASP Software Assurance Maturity Model
HP SWFScan
Other News:
Washington D.C. Restaurants Become Credit Card Cloning Hot Spots – wired.com
Published: January 15th, 2009 | Category: Security Tools | (0) Comments
SQLiBENCH is an OWASP SoC 2008 project to benchmark automatic SQL injectors related to dumping databases.
There are a bunch of great open source tools (takeover/dumpers/hybrid) for taking advantage of an SQL injection vulnerability, used by both web application security specialists and attackers. Techniques used, databases supported, algorithms employed and abilities implemented by these "sql injectors" [...]
Published: December 23rd, 2008 | Category: Security Tools | (0) Comments
Version 3 of the OWASP testing guide is now available!
This project’s goal is to create a "best practices" web application penetration testing framework which users can implement in their own organizations and a "low level" web application penetration testing guide that describes how to find certain issues.
Thanks to all that put in the work [...]
Published: October 12th, 2008 | Category: Security Conferences | (1) Comment
For those that weren’t able to attend the OWASP NYC Appsec 2008 Conference, the videos from all the presentations are now online!
Intro
OWASP 3.0 – Who We Are And How We Got Here by The OWASP Foundation
Track 1
Analysis Of The Web Hacking Incident Database by Ofer Shezaf
HTTP Bot Research by Steven Adair
Get Rich Or Die Trying [...]
Published: October 11th, 2008 | Category: Security Conferences | (0) Comments
This year we weren’t able to attend the annual OWASP AppSec conference. But Josh from the Web Admin Blog attended and did an amazing job at live blogging the event. Here are links to his various posts from the conference:
Day 1 Keynote – OWASP AppSec NYC 2008
Web Application Security Roadmap
OWASP Google Hacking Project [...]
Published: September 22nd, 2008 | Category: Security Conferences | (0) Comments
A few days ago, OWASP Israel held a full day, two track conference. The presentations are now available to download on the OWASP Israel 2008 Conference page, and many of them sound interesting.
Management Track
Web Application Security and Search Engines – Beyond Google Hacking by Amichai Shulman
Trends in Web Hacking: What’s Hot in 2008 [...]
Published: August 8th, 2008 | Category: Security Conferences | (0) Comments
Yesterday Jeremiah Grossman and Trey Ford from WhiteHat Security gave a very interesting and fun presentation called ‘Get Rich or Die Trying – Making Money on The Web, The Black Hat Way’. They went over several real world examples of business logic flaws, and in some cases profited (a lot) from those flaws.
The Get [...]
Published: August 6th, 2008 | Category: Parties | (0) Comments
Vendor parties during Black Hat USA are always interesting, because the conference is in Las Vegas. Here is a list of vendors that I know of that are throwing parties this year at Black Hat USA 2008.
Tuesday, August 5th
Qualys
Fortify
Wednesday, August 6th
Arbor Networks
MANDIANT
WASC / OWASP
Thursday, August 7th
Accuvant
Core Security
iSEC Partners
Microsoft
Saturday, August 9th
IOActive / StillSecure
Know of any [...]
Published: July 7th, 2008 | Category: Local Meetings | (4) Comments
This post is part of the information security communities project.
Hey everyone!
My name is Steven McGrath, and as a security professional local to the Chicago area, I thought it would be best to share a list of events that I am familiar with in the area:
Chicago 2600 – Chicago 2600 is an informal gathering of [...]
Published: July 2nd, 2008 | Category: Local Meetings | (4) Comments
This post is part of the information security communities project, and was guest blogged by Stacy Thayer, the founder and executive director of SOURCE Conference.
The East Coast is home to some of the world’s leading computer security professionals. The computer security industry has been active for many years and is now experiencing rapid growth. [...]