I attended a meeting of the Hartford, CT, chapter of OWASP yesterday – James McGovern was nice enough to invite me there. OWASP is a group focusing on web application security, with a heavy emphasis on “application” (in contrast to “infrastructure”). Most of the attendees were either directly working in the financial industry or closely working with it – at the end of the day, it was Hartford.
To me it was a very interesting event – especially since I have mostly been thinking about platform and infrastructure security and not so much about the applications. Some of the emerging standards (like PCI DSS) were rather new to me, but seem interesting enough for me to take a look at.
Some more interesting tools and tidbits:
- WebGoat is a “deliberately insecure JEE application”, designed to teach developers how to *not* code a web application. This should be fun to take a look at.
- WebScarab is an intercepting HTTP(S) proxy.
- The OWASP Top Ten also has some interesting reading.
Overall, I am looking forward to staying in touch with this group.