EH-Net

Hi,

Today I found this information (while reading WAHH2) and I thought to share it with you. You can have free access at the archive at:

http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/

"What is The Web Security Mailing List?
The Web Security Mailing List is an open information forum for discussing topics relevant to web security. Topics include, but are not limited to, industry news and technical discussions surrounding web applications, proxies, honeypots, new attack types, methodologies, application firewalls, discoveries, experiences, web servers, application servers, database security, tools, solutions, and others. "

I already found some interesting topics.

There's also the Owasp Mailing lists, that occasionally has "good" info too.

The webappsec.org mailing is however, heavily moderated and rarely contains the really cool stuff you would see on less heavily moderated lists. But it's a good list to follow none the less. ~ My personal opinion hehe  :)

I am a member of OWASP and wanted to give a shout to everyone out there to try to attend meetings (typically free) and check out free OWASP courses/learning materials.

I am a member of OWASP and wanted to give a shout to everyone out there to try to attend meetings (typically free) and check out free OWASP courses/learning materials.
[/quote]

This courses/learning are offered to the members only, or they are offered to the public?

Hi Alucian - Don't see that it is restricted, give it a shot:

http://www.owaspa.org/learning_blocks/login/index.php (http://www.owaspa.org/learning_blocks/login/index.php)

Some of the live courses does cost money  :) Well, not the actual courses, but to be a member you have to pay, in order to attend some if not all live courses.

I think that the access to this courses and the fact that part of the money will go to support some OWASP projects justify the 50$ for membership.

I'll join OWASP as a member.

Thanks!

Yeah huge value in my opinion, wealth of information for the cost!

Check out your local OWASP chapter at https://www.owasp.org/index.php/Category:OWASP_Chapter

I run the recently formed OWASP Orlando chapter and we have some amazing speakers lined up for our next meeting. I consistently see world class speakers, the guys who you typically only see at major conferences, speaking at these free events. It's amazing value and part of the reason why I am involved is the huge potential for outreach with non-security developer and sysadmin groups, where we really need it. Even if you don't join as a paying member (although I HIGHLY recommend it) come out to a local chapter meeting, get involved in the discussion and join the party! I don't know of any chapters that charge for attendance to these events and the presentations usually blow other nameless information security groups' vendor shills out of the water.

Shameless plug - https://www.owasp.org/index.php/Orlando

Out CT OWASP chapter appears to be dead.  There is no activity and when you try to sign up you get a bounce back for the list with no response from the chapter president.  I was hoping to look for a professional group to meet with every so often to talk geek and Info Sec.  Hmm maybe some the chapter needs a jump start.

Sounds like an opportunity to get involved!

Exactly the reason why I'm looking at local groups as well.  It looks like the Portland OWASP chapter is starting to pick up again.  I jumped on the mailing list in December right before they had their first meeting in a long time.  They've scheduled another for this month, as well as scheduled Kevin Johnson (the SANS instructor) for a meeting on June 11th.

I'm a little hesitant to go because it seems most everybody has coding backgrounds at these meetings (judging by their Linkedin profiles).  I don't have any kind of coding background and I'm having one hell of a time trying to pick it up myself.  But after taking the eLearnSecurity course, the web app security stuff really piques my interest!  One day I'll get the courage to go... haha

First off, make sure you see Kevin speak. Kevin is AWESOME!

Secondly, don't be scared. Many of these meetings will have a techie talk and a management level talk. For instance, our next meeting has a talk on OWASP the organization and the culture of the org, where we came from and what the roadmap for 2012 looks like and then a technical talk on effective XSS defenses. I find most presentations are pretty easy to follow and I'm a pretty bad coder. The only way you learn is to immerse yourself.

It's OK to show up and tell folks "I'm a sysadmin who wants to learn more about protecting web and mobile apps" or "I'm just learning how to code so I can more effectively test apps" or "I'm here because my wife is a troll and I don't want to go home". These groups are typically very open to new faces and are just happy to see someone else in their area is thinking about appsec. Just don't be an askhole.  ;D

I really wish there was a chapter in Baton Rouge, or even NOLA. I emailed them about starting a chapter, but I never got a response. I guess I just have to move.

I've never met Kevin personally, but I just wrapped up an engagement with SecureIdeas, and they did a great job. Kevin didn't do the actual testing, but I was impressed that he personally got on the phone right away during pre-sales and helped scope the engagement, discuss methodology, etc.

No offense to you, rowleytyrese, as at least your spam DOES follow the VERY 'general' ideas of the threads to which you're posting it.

But can you please stop throwing generic information out to every other thread we have?  It's like you see a subject, look up a random 2 lines of related information on a brief google search, and post a reply.

If you're not going to post 'useful' information, truly relevant to the actual conversation and contributing to the actual discussion, please don't reply...

<Edit - I KNOW it's still a spammer, but in trying to be polite...>

Some use came out of him. I found the "echo -e "OPTIONS / HTTP/1.0\n" | nc -v server 80" from one of the old threads he dug up. Would have been more useful last night.

But I like the generalized version of spam, and then having him hope we'll click his sig link compared to some of the other stuff. I do read this at work, so hard to explain that I'm not surfing porn, but some spammer tossed naked pictures in to the hacker forum I'm hanging out on. :)

LOL!  I see someone whacked the posts fast.

Agreed, that every now and then, something MIGHT be helpful.  But SO tired of the BS spammers...  When I read our threads, I don't have time to keep wading, to see if I missed something in a thread PRIOR to the spam...

Oh well.  Life moves on.   ;)

I'm busy enough now, that I really only scan through the threads. if I see something in the scan that says hey this is cool, I'll go back and read the whole thing.