Hi,

Today I found this information (while reading WAHH2) and I thought to share it with you. You can have free access at the archive at:

http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/

"What is The Web Security Mailing List?
The Web Security Mailing List is an open information forum for discussing topics relevant to web security. Topics include, but are not limited to, industry news and technical discussions surrounding web applications, proxies, honeypots, new attack types, methodologies, application firewalls, discoveries, experiences, web servers, application servers, database security, tools, solutions, and others. "

I already found some interesting topics.

I am a member of OWASP and wanted to give a shout to everyone out there to try to attend meetings (typically free) and check out free OWASP courses/learning materials.

Hi Alucian - Don't see that it is restricted, give it a shot:

http://www.owaspa.org/learning_blocks/login/index.php

I think that the access to this courses and the fact that part of the money will go to support some OWASP projects justify the 50$ for membership.

I'll join OWASP as a member.

Thanks!

Check out your local OWASP chapter at https://www.owasp.org/index.php/Category:OWASP_Chapter

I run the recently formed OWASP Orlando chapter and we have some amazing speakers lined up for our next meeting. I consistently see world class speakers, the guys who you typically only see at major conferences, speaking at these free events. It's amazing value and part of the reason why I am involved is the huge potential for outreach with non-security developer and sysadmin groups, where we really need it. Even if you don't join as a paying member (although I HIGHLY recommend it) come out to a local chapter meeting, get involved in the discussion and join the party! I don't know of any chapters that charge for attendance to these events and the presentations usually blow other nameless information security groups' vendor shills out of the water.

Shameless plug - https://www.owasp.org/index.php/Orlando

Sounds like an opportunity to get involved!

First off, make sure you see Kevin speak. Kevin is AWESOME!

Secondly, don't be scared. Many of these meetings will have a techie talk and a management level talk. For instance, our next meeting has a talk on OWASP the organization and the culture of the org, where we came from and what the roadmap for 2012 looks like and then a technical talk on effective XSS defenses. I find most presentations are pretty easy to follow and I'm a pretty bad coder. The only way you learn is to immerse yourself.

It's OK to show up and tell folks "I'm a sysadmin who wants to learn more about protecting web and mobile apps" or "I'm just learning how to code so I can more effectively test apps" or "I'm here because my wife is a troll and I don't want to go home". These groups are typically very open to new faces and are just happy to see someone else in their area is thinking about appsec. Just don't be an askhole.