[ml] OWASP v2

Buongiorno a tutti,
vorrei aggiornarvi sul fatto che è da poco disponibile on-line la
nuova versione del progetto OWASP (Open Web Application Security
Project): http://www.owasp.org

Il portale si è evoluto verso la tecnologia Wiki che permette una più
immediata condivisione delle informazioni. I progetti OWASP sono
cresciuti di numero ed ampliati, di seguito l'elenco completo su cui
stiamo lavorando
(http://www.owasp.org/index.php/Category:OWASP_Project):

*  OWASP AJAX Security Project - investigating the security of AJAX
enabled applications
* OWASP Application Security Assessment Standards Project - establish
a set of standards defining baseline approaches to conducting
differing types/levels of application security assessment
* OWASP AppSec FAQ Project - an FAQ covering many application security topics
* OWASP CAL9000 Project - a JavaScript based web application security
testing suite
* OWASP CLASP Project - a project focused on defining process
elements that reinforce application security
* OWASP Code Review Project - a new project to capture best practices
for reviewing code
* OWASP Guide Project - a massive document covering all aspects of
web application and web service security
* OWASP Honeycomb Project - a comprehensive and integrated guide to
the fundamental building blocks of application security
* OWASP Legal Project - a project focused on contracting for secure software
* OWASP Logging Project - a project to define best practices for
logging and log management
* OWASP Metrics Project - a project to define workable application
security metrics
* OWASP .NET Project - a project focused on helping .NET developers
build secure applications
* OWASP PHP Project - a project focused on helping PHP developers
build secure applications
* OWASP Java Project - a project focused on helping Java and J2EE
developers build secure applications
* OWASP Risk Management Project - a new project focused on processes
for managing application security risk
* OWASP Testing Project - a project focused on application security
testing procedures and checklists
* OWASP Top Ten Project - an awareness document that describes the
top ten web application security vulnerabilities
* OWASP Validation Project - a project that provides guidance and
tools related to validation.
* OWASP WASS Project - a standards project to develop more concrete
criteria for secure applications
* OWASP WebGoat Project - an online training environment for hands-on
learning about application security
* OWASP WebScarab Project - a tool for performing all types of
security testing on web applications and web services

Il progetto "Web Application Penetration Testing" (al quale
OWASP-Italy ha fornito un proprio contributo) è giunto alla v2: molto
materiale è già on-line e sarà disponibile un live-cd a breve:
http://www.owasp.org/index.php/Category:OWASP_Testing_Project

Siamo oramai giunti a 73 local chapter, il nostro lo trovate alla seguente URL:
http://www.owasp.org/index.php/Italy
Qui potete prendere visione dei task svolti da OWASP-Italy in più di
un anno di attività .

OWASP è un progetto Open Source è chiunque può parteciparvi. Se siete
interessati a contribuire:
http://www.owasp.org/index.php/Become_an_OWASP_Volunteer
oppure potete scrivere direttamente a me.

Grazie e buona giornata,
Mat

--
Matteo Meucci
OWASP-Italy Chair, CISSP, CISA
site: http://www.owasp.org/index.php/Italy
mail: matteo.meucci@xxxxxxxxx
ml: http://lists.owasp.org/mailman/listinfo/owasp-italy