So for those that do not know, there is a great resource available to us called the Open Web Application Security Project (OWASP).
From their web site:
The Open Web Application Security Project (OWASP) is a worldwide free and open community focused on improving the security of application software. Our mission is to make application security "visible," so that people and organizations can make informed decisions about application security risks.
OWASP offers many great resources, including a mailing list, chapter meetings all over the world, free OSS security application, presentations (ppt), videos, conferences, a wiki, and much more. It really is an amazing organization. For those that have never been, you should at least check out their web site.
Also from their website:
All of our materials are free and offered under an open source license, so you do not have to become a member to use them or participate in our projects, mailing lists, conferences, or other activities.
Now, that said, OWASP is a non-profit organization that survives on donations and membership fees. If you find the resources at OWASP useful, you should send a donation or consider becoming a member. But the great part is that you can see what they have to offer before you make that decision.
I have spent a lot of time looking around the OWASP Wiki, reviewing presentations and articles, and looking at the Web Scarab and WebGoat projects. I have to say that I am really impressed and excited by what I have seen. My next step is to attend a chapter meeting to see what that is like. I will likely become a member after that, and probably encourage my employer to become a member as well.
Unfortunately, the next chapter meeting falls on the same night and time as our local CFUG, at which I might be presenting. So I may have to wait until October to attend a chapter meeting and hope that they do not coincide again.