Author: +Oliver Ng I’m happy to announce a partnership with ISC2 to bring you our OWASP course complimentary  for CISSP members.  Access is limited to the next 30 days, so get in on it fast and collect your 2 CPEs for watching these videos. These videos also outline our great new training format for CBTs that…

Last year we released a paper called the “The Secure Web Application Framework Manifesto” in the hopes of influencing web application framework developers to include more security features natively, or at least optionally, out-of-the box. Subsequently we made the paper into an OWASP project. Recently, Mark Curphey posted a blog entrycriticizing the state of OWASP and…

A few months ago we released the first version of the Secure Web Application Framework Manifesto: a set of requirements intended to guide web application framework developers in making more secure web application frameworks from the start. Today we’re pleased to announce our next draft of the manifesto. We’ve reformatted the requirements according to much of the…

It’s clear that your choice of web application framework makes a significant impact on the security of individual applications. Today we’re releasing a draft version of the Secure Web Application Framework Manifesto – a document that provides a set of security requirements to web application frameworks themselves. Once we’ve collected feedback from the community, we’d…

Come check us out at OWASP DC. We’ll be speaking on theSecurity Analysis of Core J2EE Patterns and teaching classes on Threat Model Express and Java Source Code Review

We’re happy to announce that our Security Analysis of the J2EE Core Patterns is now officially an OWASP project! I’ll be the project leader and look forward to getting your input on constantly improving this doc. Thanks to everyone who has supported us in this effort thus far!