OWASP

I was invited, through my work, to attend a local OWASP (Open Web Application Security Project) chapter meeting today. I must say that this project is just what I was looking for as a security professional diving into web application security. The website is simply loaded with tons and tons of information, instruction, the code examples I so desire and even tests and test site modules to allow you to learn how to use the various exploits covered. They have a Java application that you can install locally and run attacks and test modules against to familiarize you with each class of vulnerability. My last post was sort of a rant, as pointed out by an unnamed poster, and this experience has really awakened me to what is out there aside from text books and trial and error. The industry is certainly taking the web application issue quite seriously from this example and it is great to have access to this information. If anyone is in my "boat" I would strongly encourage you to take a look at this site and join a local chapter if you have one i your area. It was well worth my time and I will be a participating member from this day forward.