The Top Ten project has released Japanese, French, and Korean versions of the 2004 Top Ten.
The first VulnXML db draft release is available at:
VulnXML is a description format for static, known vulnerabilities. It provides all the information an execution engine needs to automatically craft and launch the appropriate HTTP, SOAP or WebDAV requests and to analyse the response to determine whether the attack succeeded.
It also provides a human-readable classification of the described vulnerability...
The first beta of the OWASP Common Library (OCL) has been released. OCL is a fast, very lightweight and security-centered Java library to support building scalable and secure web applications running on a J2EE servlet engine with very low resource consumption.
This release comes with a lot of fully working functionality, including fast form validation, a highly modular form layout engine and a number of security-centered auxiliary classes for javax.servlet.
Several additions and bugfixes have been integrated into this early release.
Most of them are features needed by the VulnXML database web application.
- indexing on database engines
- MikiDoc renderer added
- @man repository added
Try out some of these new features.
Today the WebScarab project has been ported to be backed by the OWASP common library (ocl).
This is another step towards the complete integration of all OWASP subprojects to one SourceForge project (projects/owasp, group_id=64424).
To use it, get ocl.tar.bz2 and webscarab.tar.bz2, unpack them, and type "ant jar" first for the common library, then for WebScarab (install a copy of owasp.jar into webscarab/lib first), and try to spider some sites with WebScarab...