tssci security

Spread the OWASP Holiday Cheer

Linux.com is running a feature article on Building Secure Web Applications with OWASP. We're trying to Slashdot it, so everybody who reads this -- go and do that right now!

The article is good and features quotes from Josh Sweeney of SecurityDistro.com. I met Josh at the VERIFY 2007 Conference in Washington DC about two months ago -- and really enjoyed the nice words he had to say about OWASP in this new article.

One of the most interesting parts of this article is that it mentions the OWASP Sponsorship programs. For those that don't know, I was working with Mark Curphey on the OWASP Web Security Certification Framework. This project was a part of the OWASP Spring of Code 2007 sponsorship program.

Mark wrote the first 50 or so pages until I was brought in to collaborate. Our October release was made available in book format on Lulu.com. The book is entitled OWASP Evaluation And Certification Criteria. It's available in PDF as a free download, as well as in paperback book form at a small cost.

I'm going to release an updated version of that document within the next two weeks. I would appreciate it if those of you out there who have an interest in this (or PABP / PA-DSS) would join the owasp-webcert mailing list. You may also post a comment here and I will contact you to get involved. This is an open document with an open project, so it deserves lots of peer review!

In order to not taint myself, I have also avoided reading the PABP best-practices and the PA-DSS draft requirements/standard. However, I am going to read PA-DSS once it is completed, which should also be very soon.

Posted by dre on Thursday, December 20, 2007 in Security.
