New OWASP Article, Project Update and Summer Conference !

Just wanted to drop a note to say that there is a great new article on the 
OWASP site called The Web Services Architecture and Security by George Capehart.

Its linked off the frontpage http://www.owasp.org

Also as a general OWASP update the Testing project is now scheduled to publish 
its first release within the next four / five weeks. We have split the document 
into two parts. Part One covers the Why, What, Where and When of testing web 
software and Part 2 which will be published later this year will cover the How. 
I think you will agree when you see it that it will set the pace for real 
security testing throughout the software development life cycle. It is very 
much focused on testing all aspects of security during the software development 
life cycle and based on best practices learned from the development community. 

Stan Guzik and team are also making great progress on the ISO-17799 project 
focused on applying ISO-17799 principles to the web security lifecycle. 

OASIS WAS is developing well. We will likely publish the Thesaurus and Risk 
Ranking scheme earlier than the full schema (due August) so that people can 
provide better scrutiny. I really beleive standards bodies are the place to 
create standards not vendor consortiums ! There will be C# and Java WAS 
execution engines for the Test element in development and Ivan Ristic of 
mod_security fame is now working on the protect element. 

Finally I am very pleased to announce that this summer we will be holding the 
first OWASP Conference in New York. We have a location and a provisional 
speaker line-up which we will be publishing soon. The 2 day conference will be 
dedicated to web software security topics and there will be presentations and 
training about OWASP topics such as WebGoat and Testing and more specific 
topics such as Java and .NET security. I think this is a great opportunity for 
us to get some really great speakers together in a great forum. 

More soon !