First Quarter 2005
Volume 2, Issue 1
SPOTLIGHT ON: Web Application Vulnerabilities
Greetings from SVRM Update, a quarterly newsletter from Ounce Labs that covers the developing arena of software vulnerability risk management. This issue discusses the most critical Web application vulnerabilities and methods for identifying and remediating these threats to your organization.
IN THIS ISSUE:
SPOTLIGHT ARTICLES
 The Dirty Dozen: The Top Web Application Vulnerabilities and How To Hunt Them Down at the Source
 Q&A With Laura Koetzle, Vice President, Research Director, Forrester Research
 Measurable Software Risk Management: Ounce Labs Announces Prexis 3.0
 Secure Foundations: An Ounce Labs Higher Education Partnership Program
OUNCE POLL
OUNCE ANNOUNCES
UPCOMING EVENTS

SPOTLIGHT ARTICLES
The Dirty Dozen: The Top Web Application Vulnerabilities and How to Hunt Them Down at the Source
Identifying and eliminating Web application vulnerabilities within the source code is the most important step towards overall enterprise security. Developers, QA specialists, and security managers alike must be able to efficiently identify areas of risk and remediate the threat, significantly improving their applications and drastically reducing levels of operational risk and exposure.

Secure Foundations: An Ounce Labs Higher Education Partnership Program
Ounce Labs has invested over $500,000 worth of software and research grants to launch the Secure Foundations Initiative, working with leading university programs in teaching secure coding best practices as part of comprehensive computer science curricula. Students will work with Ounce Labs’ technology and security experts to obtain hands-on experience with the concepts and implementation of secure programming techniques.

Measurable Software Risk Management: Ounce Labs Announces Prexis 3.0
Ounce Labs recently announced version 3.0 of its source code vulnerability analysis software, Prexis. Prexis 3.0 adds support for Java and JSP programming languages as well as Microsoft Windows, Linux, and Solaris environments. To increase management-level control, the assessment and report capabilities now include the Software Security Profile, an audit checklist that verifies the implementation of critical security features.

Q&A With Laura Koetzle, Vice President, Research Director, Forrester Research
Laura Koetzle, Vice President, Research Director, Forrester Research, recently spoke with Ounce Labs about the importance of software security and the role of automated source code analysis tools in the marketplace today.

OUNCE POLL
What will be the primary development language(s) used by your organization to develop business and Web applications in the next several years?

UPCOMING EVENTS

February 14-18, 2005
RSA Conference 2005, San Francisco - Ounce Labs selected as one of 12 “Innovation Station” participants. Come visit us at booth #215 and at the Innovation Station #1442.

March 1, 2005
Transend’s IT Security and Privacy Symposium 2005, Toronto - Ounce Labs, Silver Sponsor

April 12-14, 2005
Software Security Summit, San Diego - Co-Founder Ryan Berg presenting “The Dirty Dozen” and demonstrating product.

April 18-21, 2005
The Joint Services’ Systems Software Technology Conference, Salt Lake City - Ounce Labs exhibiting and demonstrating product.

OUNCE ANNOUNCES