So, we're finalizing some stuff for the OWASP Live CD (which is now being renamed to the OWASP Web Testing Environment (WTE) ) and I wanted to give you a preview of some of the great, great eye candy we're proof-of-concepting right now.  Without further ado, I give you the OWASP WTE Preview ...

Hey Everyone,

Here at AppSecLive.org, we’re gearing up for the New Year in a big way and I thought I’d take a few minutes to introduce myself and bring you, the AppSecLive.org community, up to date on what’s new in the world of the OWASP Live CD. And speaking of what’s new, I’ll bet your wondering who I am.

There has been quite a bit of discussion around some recent security issues. The first of which is a zero day MS exploit in IE. Details here:
 

So you may have heard that Firefox 3.5 just got released yesterday. If you just can't wait, you can get it here.  If you're like me, you're running Linux and hate waiting for the latest, greatest to make it to the repos. Also, you're paranoid and want to do minor upgrades with the built-in FF update mechanism ASAP instead of waiting for the repos to chatch up. Well my friend, you can. Its easy and will only cost you about 27 MB of disk space.

If you visit any modern Express Oil Change, it sure can help!!

Now seriously, Matt and I have started noticing Ubuntu and other GPL'd operating systems running all over the place. Think about it...

I apologize for the shameless self promotion, but I wanted to let you know that the interview I did with Ross Anderson at AppSec EU 2009 is now available here and on iTunes.  It covers some very interesting topics and expands on some of the issues raised in his keynote on

• mtesauro's blog
• Login or register to post comments
• Read more

Typically, companies give less security considerations to the web sites that they host internally on the intranet. This is understandable, given that the only users are trusted folks, and probably aren't going to try anything anyway. Most internal users do not have the technical skills to be a 1337 haxx0r and perform SQLi attacks on vulnerable web forms, and store XSS scripts on company knowledge bases. Now, I know what you are thinking.

I leave for a few days, come back and the security community has gone crazy with lots of exciting news. Here are a few things worth checking out:
 

So there was an interesting post by Andres (w3af project lead) yesterday on the w3af-users list noting an unusual behavior with Apache. Here's a very quick overview