Advanced SQL Injection - Victor Chapela


Java Project Status
OWASP AppSec Seattle, Oct 2006
Rohyt Belani
OWASP Java Project Lead
Managing Director, MANDIANT
[email protected]
Copyright © 2006 - The OWASP Foundation
Permission is granted to copy, distribute and/or modify this document under the
terms of the Creative Commons Attribution-ShareAlike 2.5 License. To view this
license, visit http://creativecommons.org/licenses/by-sa/2.5/
The OWASP Foundation
http://www.owasp.org/
The Objective
• To facilitate the building of secure Java and J2EE applications
• Introduce Software Architects to security design and architectural considerations
• Arm Java developers with the know-how to cover the spectrum of security issues during development, such as input validation, encryption, error handling, logging, etc.
• Assist application deployers in reducing the attack surface of the application servers
• Provide security testers information on security analysis tools and techniques
OWASP AppSec Seattle 2006
What have we achieved?
Started in June 2006
Led by Stephen De Vries & Rohyt Belani
Over 50 members subscribed to the project mailing list
11 articles
Several more articles in the works
Articles provide practical information supplemented with appropriate snippets of code
Our plan going forward…
Provide practical coverage on noteworthy frameworks like Struts, Hibernate, etc.
Complete work on the current list of articles in the next 6 months
Make this project the “one stop shop” for the security needs of Java developers
We need your help to make this happen!
What you can do…
Provide suggestions on topics that you would like covered in addition to those currently outlined in the project roadmap
Initiate and participate in appropriate idea exchanges on the project mailing list
Contribute by writing articles or even pieces of larger articles
Secure the world…function() by function()
For more information…
Visit:
http://www.owasp.org/index.php/Category:OWASP_Java_Project
Email Contact:
Rohyt Belani: [email protected]
Stephen De Vries: [email protected]