Version 3 of the OWASP testing guide is now available! This project’s goal is to create a "best practices" web application penetration testing framework which users can implement in their own organizations and a "low level" web application penetration testing guide that describes how to find certain issues. Thanks to all that put in the [...]

For those that weren’t able to attend the OWASP NYC Appsec 2008 Conference, the video from all the presentations are now online! Intro OWASP 3.0 – Who We Are And How We Got Here by The OWASP Foundation Track 1 Analysis Of The Web Hacking Incident Database by Ofer Shezaf HTTP Bot Research by Steven [...]

This year we weren’t able to attend the annual OWASP AppSec conference. But Josh from the Web Admin Blog attended and did an amazing job at live blogging the event. Here are links to his various posts from the conference: Day 1 Keynote – OWASP AppSec NYC 2008 Web Application Security Roadmap OWASP Google Hacking [...]

A few days ago, OWASP Israel held a full day, two track conference. The presentations are now available to download on the OWASP Israel 2008 Conference page, and many of them sound interesting. Management Track Web Application Security and Search Engines – Beyond Google Hacking by Amichai Shulman Trends in Web Hacking: What’s Hot in [...]

Yesterday Jeremiah Grossman and Trey Ford from WhiteHat Security gave a very interesting and fun presentation called ‘Get Rich or Die Trying – Making Money on The Web, The Black Hat Way‘. They went over several real world examples of business logic flaws, and in some cases profited (a lot) from those flaws. The Get [...]

Vendor parties during Black Hat USA is always interesting, because the conference is in Las Vegas. Here is a list of vendors that I know of that are throwing parties this year at Black Hat USA 2008. Tuesday, August 5th Qualys Fortify Wednesday, August 6th Arbor Networks MANDIANT WASC / OWASP Thursday, August 7th Accuvant [...]

This post is part of the information security communities project. Hey everyone! My Name is Steven McGrath, and as a security professional local to the Chicago area, I thought it would be best to share a list of events that I am familiar with in the area: Chicago 2600 – Chicago 2600 is an informal [...]

This post is part of the information security communities project, and was guest blogged by Stacy Thayer, the founder and executive director of SOURCE Conference. The East Coast is home to some of the world’s leading computer security professionals. The computer security industry has been active for many years and is now experiencing rapid growth. [...]

Because I maintain the information security events calendar, I often get asked about local information security events. If I were to add all the local events that I know about, it would fill the calendar with a ton of entries, many of them not applicable to the users. I might start another calendar only for [...]