.

Web Security Mailing List

<<

alucian

User avatar

Full Member
Full Member

Posts: 228

Joined: Mon Dec 29, 2008 2:01 pm

Location: Montreal, Canada

Post Sat Jan 14, 2012 4:20 pm

Web Security Mailing List

Hi,

Today I found this information (while reading WAHH2) and I thought to share it with you. You can have free access at the archive at:

http://lists.webappsec.org/pipermail/we ... ppsec.org/

"What is The Web Security Mailing List?
The Web Security Mailing List is an open information forum for discussing topics relevant to web security. Topics include, but are not limited to, industry news and technical discussions surrounding web applications, proxies, honeypots, new attack types, methodologies, application firewalls, discoveries, experiences, web servers, application servers, database security, tools, solutions, and others. "

I already found some interesting topics.
CISSP ISSAP, CISM/A, GWAPT, GCIH, GREM, GMOB, OSWP
<<

MaXe

User avatar

Hero Member
Hero Member

Posts: 671

Joined: Tue Aug 17, 2010 9:49 am

Post Sat Jan 14, 2012 6:05 pm

Re: Web Security Mailing List

There's also the Owasp Mailing lists, that occasionally has "good" info too.

The webappsec.org mailing is however, heavily moderated and rarely contains the really cool stuff you would see on less heavily moderated lists. But it's a good list to follow none the less. ~ My personal opinion hehe  :)
I'm an InterN0T'er
<<

l33t5h@rk

User avatar

Jr. Member
Jr. Member

Posts: 79

Joined: Tue Nov 22, 2011 12:06 am

Post Sat Jan 14, 2012 8:32 pm

Re: Web Security Mailing List

MaXe wrote:There's also the Owasp Mailing lists, that occasionally has "good" info too.

The webappsec.org mailing is however, heavily moderated and rarely contains the really cool stuff you would see on less heavily moderated lists. But it's a good list to follow none the less. ~ My personal opinion hehe  :)


I am a member of OWASP and wanted to give a shout to everyone out there to try to attend meetings (typically free) and check out free OWASP courses/learning materials.
<<

alucian

User avatar

Full Member
Full Member

Posts: 228

Joined: Mon Dec 29, 2008 2:01 pm

Location: Montreal, Canada

Post Sat Jan 14, 2012 8:49 pm

Re: Web Security Mailing List

I am a member of OWASP and wanted to give a shout to everyone out there to try to attend meetings (typically free) and check out free OWASP courses/learning materials.
[/quote]

This courses/learning are offered to the members only, or they are offered to the public?
CISSP ISSAP, CISM/A, GWAPT, GCIH, GREM, GMOB, OSWP
<<

l33t5h@rk

User avatar

Jr. Member
Jr. Member

Posts: 79

Joined: Tue Nov 22, 2011 12:06 am

Post Sat Jan 14, 2012 9:40 pm

Re: Web Security Mailing List

alucian wrote:This courses/learning are offered to the members only, or they are offered to the public?


Hi Alucian - Don't see that it is restricted, give it a shot:

http://www.owaspa.org/learning_blocks/login/index.php
<<

MaXe

User avatar

Hero Member
Hero Member

Posts: 671

Joined: Tue Aug 17, 2010 9:49 am

Post Sun Jan 15, 2012 12:51 am

Re: Web Security Mailing List

alucian wrote:This courses/learning are offered to the members only, or they are offered to the public?


Some of the live courses does cost money  :) Well, not the actual courses, but to be a member you have to pay, in order to attend some if not all live courses.
I'm an InterN0T'er
<<

alucian

User avatar

Full Member
Full Member

Posts: 228

Joined: Mon Dec 29, 2008 2:01 pm

Location: Montreal, Canada

Post Sun Jan 15, 2012 12:59 am

Re: Web Security Mailing List

I think that the access to this courses and the fact that part of the money will go to support some OWASP projects justify the 50$ for membership.

I'll join OWASP as a member.

Thanks!
CISSP ISSAP, CISM/A, GWAPT, GCIH, GREM, GMOB, OSWP
<<

l33t5h@rk

User avatar

Jr. Member
Jr. Member

Posts: 79

Joined: Tue Nov 22, 2011 12:06 am

Post Sun Jan 15, 2012 12:27 pm

Re: Web Security Mailing List

alucian wrote:I think that the access to this courses and the fact that part of the money will go to support some OWASP projects justify the 50$ for membership.

I'll join OWASP as a member.

Thanks!


Yeah huge value in my opinion, wealth of information for the cost!
<<

tturner

User avatar

Sr. Member
Sr. Member

Posts: 435

Joined: Thu Jun 26, 2008 4:50 pm

Post Wed Jan 18, 2012 2:13 pm

Re: Web Security Mailing List

Check out your local OWASP chapter at https://www.owasp.org/index.php/Category:OWASP_Chapter

I run the recently formed OWASP Orlando chapter and we have some amazing speakers lined up for our next meeting. I consistently see world class speakers, the guys who you typically only see at major conferences, speaking at these free events. It's amazing value and part of the reason why I am involved is the huge potential for outreach with non-security developer and sysadmin groups, where we really need it. Even if you don't join as a paying member (although I HIGHLY recommend it) come out to a local chapter meeting, get involved in the discussion and join the party! I don't know of any chapters that charge for attendance to these events and the presentations usually blow other nameless information security groups' vendor shills out of the water.

Shameless plug - https://www.owasp.org/index.php/Orlando
Certifications:
CISSP, CISA, GPEN, GWAPT, GAWN, GCIA, GCIH, GSEC, GSSP-JAVA, OPSE, CSWAE, CSTP, VCP

WIP: Vendor WAF stuff

http://sentinel24.com/blog @tonylturner http://bsidesorlando.org
<<

Triban

User avatar

Hero Member
Hero Member

Posts: 620

Joined: Fri Feb 19, 2010 4:17 pm

Post Wed Jan 18, 2012 4:16 pm

Re: Web Security Mailing List

Out CT OWASP chapter appears to be dead.  There is no activity and when you try to sign up you get a bounce back for the list with no response from the chapter president.  I was hoping to look for a professional group to meet with every so often to talk geek and Info Sec.  Hmm maybe some the chapter needs a jump start.
Certs: GCWN
(@)Dewser
<<

tturner

User avatar

Sr. Member
Sr. Member

Posts: 435

Joined: Thu Jun 26, 2008 4:50 pm

Post Wed Jan 18, 2012 4:22 pm

Re: Web Security Mailing List

Sounds like an opportunity to get involved!
Certifications:
CISSP, CISA, GPEN, GWAPT, GAWN, GCIA, GCIH, GSEC, GSSP-JAVA, OPSE, CSWAE, CSTP, VCP

WIP: Vendor WAF stuff

http://sentinel24.com/blog @tonylturner http://bsidesorlando.org
<<

lorddicranius

User avatar

Sr. Member
Sr. Member

Posts: 448

Joined: Thu Mar 03, 2011 3:54 am

Post Wed Jan 18, 2012 4:38 pm

Re: Web Security Mailing List

3xban wrote:Out CT OWASP chapter appears to be dead.  There is no activity and when you try to sign up you get a bounce back for the list with no response from the chapter president.  I was hoping to look for a professional group to meet with every so often to talk geek and Info Sec.  Hmm maybe some the chapter needs a jump start.


Exactly the reason why I'm looking at local groups as well.  It looks like the Portland OWASP chapter is starting to pick up again.  I jumped on the mailing list in December right before they had their first meeting in a long time.  They've scheduled another for this month, as well as scheduled Kevin Johnson (the SANS instructor) for a meeting on June 11th.

I'm a little hesitant to go because it seems most everybody has coding backgrounds at these meetings (judging by their Linkedin profiles).  I don't have any kind of coding background and I'm having one hell of a time trying to pick it up myself.  But after taking the eLearnSecurity course, the web app security stuff really piques my interest!  One day I'll get the courage to go... haha
GSEC, eCPPT, Sec+
<<

tturner

User avatar

Sr. Member
Sr. Member

Posts: 435

Joined: Thu Jun 26, 2008 4:50 pm

Post Wed Jan 18, 2012 5:08 pm

Re: Web Security Mailing List

lorddicranius wrote:They've scheduled another for this month, as well as scheduled Kevin Johnson (the SANS instructor) for a meeting on June 11th.

I'm a little hesitant to go because it seems most everybody has coding backgrounds at these meetings (judging by their Linkedin profiles).  I don't have any kind of coding background and I'm having one hell of a time trying to pick it up myself.  But after taking the eLearnSecurity course, the web app security stuff really piques my interest!  One day I'll get the courage to go... haha


First off, make sure you see Kevin speak. Kevin is AWESOME!

Secondly, don't be scared. Many of these meetings will have a techie talk and a management level talk. For instance, our next meeting has a talk on OWASP the organization and the culture of the org, where we came from and what the roadmap for 2012 looks like and then a technical talk on effective XSS defenses. I find most presentations are pretty easy to follow and I'm a pretty bad coder. The only way you learn is to immerse yourself.

It's OK to show up and tell folks "I'm a sysadmin who wants to learn more about protecting web and mobile apps" or "I'm just learning how to code so I can more effectively test apps" or "I'm here because my wife is a troll and I don't want to go home". These groups are typically very open to new faces and are just happy to see someone else in their area is thinking about appsec. Just don't be an askhole.  ;D
Certifications:
CISSP, CISA, GPEN, GWAPT, GAWN, GCIA, GCIH, GSEC, GSSP-JAVA, OPSE, CSWAE, CSTP, VCP

WIP: Vendor WAF stuff

http://sentinel24.com/blog @tonylturner http://bsidesorlando.org
<<

dynamik

Recruiters
Recruiters

Posts: 1119

Joined: Sun Nov 09, 2008 11:00 am

Location: Mile High City

Post Wed Jan 18, 2012 5:45 pm

Re: Web Security Mailing List

I really wish there was a chapter in Baton Rouge, or even NOLA. I emailed them about starting a chapter, but I never got a response. I guess I just have to move.

I've never met Kevin personally, but I just wrapped up an engagement with SecureIdeas, and they did a great job. Kevin didn't do the actual testing, but I was impressed that he personally got on the phone right away during pre-sales and helped scope the engagement, discuss methodology, etc.
The day you stop learning is the day you start becoming obsolete.
<<

hayabusa

User avatar

Hero Member
Hero Member

Posts: 1662

Joined: Mon Jan 29, 2007 2:59 pm

Post Mon Nov 26, 2012 9:26 am

Re: Web Security Mailing List

No offense to you, rowleytyrese, as at least your spam DOES follow the VERY 'general' ideas of the threads to which you're posting it.

But can you please stop throwing generic information out to every other thread we have?  It's like you see a subject, look up a random 2 lines of related information on a brief google search, and post a reply.

If you're not going to post 'useful' information, truly relevant to the actual conversation and contributing to the actual discussion, please don't reply...

<Edit - I KNOW it's still a spammer, but in trying to be polite...>
Last edited by hayabusa on Mon Nov 26, 2012 9:30 am, edited 1 time in total.
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH
Next

Return to Web Applications

Who is online

Users browsing this forum: Bing [Bot] and 1 guest

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software