(21 intermediate revisions by 5 users not shown) |
Line 1: |
Line 1: |
− | <!-- please add stories to the main Application Security News page --> | + | <IfLanguage Is="en"> |
| + | This news feed is moderated by OWASP and will feature high-quality posts focused on application security that advance the field, provide useful insight, or are useful educational resources. |
| + | </IfLanguage> |
| + | <IfLanguage Is="es"> |
| + | Estas noticias son moderadas por OWASP y mostrarán publicaciónes de alta calidad enfocadas en seguridad de aplicaciones de avanzada, proveen razonamiento profundo o son recursos educativos útiles. |
| + | </IfLanguage> |
| | | |
− | ; '''Jan 18 - [http://www.securityfocus.com/news/11436?ref=rss Security advice from the devil you know!]
| + | <owaspfeed/> |
− | : The devil you know lies. Especially about security flaws. This article notes an increase in vulnerabilities found in open source packages and concludes that... "For the personal sites and the mom-and-pop stores that rely on the software, it certainly affects them," Martin said. "But larger companies likely aren't affected." Right.
| |
− | | |
− | ; '''Jan 18 - [http://jeremiahgrossman.blogspot.com/2007/01/web-application-security-professionals.html Web Application Security Professionals Survey (Jan. 2007)]'''
| |
− | : Jeremiah Grossman just released his (unscientific) survey with lots of very interesting data. Make sure you check out section '11) Top 3 web application security resources' which is a nice database of the most popular vulnerability assessment tools and knowledge resources (#1 was RSnake's Blog, and #2 was OWASP :) )
| |
− | | |
− | ; '''Jan 18 - [http://www.scmagazine.com/asia/news/article/626120/hackers-attack-moneygram-international-server-breach-personal-info-80000-customers/ Hackers attack MoneyGram International server, breach personal info of 80,000 customers]'''
| |
− | : A MoneyGram International server has been breached, allowing cybercrooks access to the personal information of nearly 80,000 people. Hackers accessed the server through the web sometime last month, the money-transfer company said in a statement released on Friday.
| |
− | | |
− | ; '''Jan 10 - [http://www2.csoonline.com/exclusives/column.html?CID=28072 Vulnerability Disclosure: The Good, the Bad and the Ugly]'''
| |
− | :''More than a decade into the practice of vulnerability disclosure, where do we stand? Are we more secure? Or less?'', three good articles: [http://www2.csoonline.com/exclusives/column.html?CID=28071 Microsoft: Responsible Vulnerability Disclosure Protects Users] , [http://www2.csoonline.com/exclusives/column.html?CID=28073 Schneier: Full Disclosure of Security Vulnerabilities a ’Damned Good Idea’], [http://www2.csoonline.com/exclusives/column.html?CID=28072 The Vulnerability Disclosure Game: Are We More Secure?] and [http://www.csoonline.com/read/010107/fea_vuln.html The Chilling Effect]
| |
− | | |
− | ; '''Jan 3 - [http://www.gnucitizen.org/blog/danger-danger-danger/ XSS in ALL sites with PDF download]'''
| |
− | : Critical XSS flaw that is trivial to exploit here in all but the very latest browsers. Attackers simply have to add a script like #attack=javascript:alert(document.cookie); to ANY URL that ends in .pdf (or streams a PDF). Solution is to not use PDF's or for Adobe to patch the planet.
| |
− | | |
− | ; [[Application Security News|Older news...]]
| |
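Review bot: the Spanish block under `<IfLanguage Is="es">` has a spelling error and a mistranslation: "publicaciónes" should be "publicaciones", and "enfocadas en seguridad de aplicaciones de avanzada" does not carry the English "that advance the field"; something like "enfocadas en seguridad de aplicaciones que hagan avanzar el campo, aporten información útil o sean recursos educativos útiles" would match the English text. Also, replacing the static list with `<owaspfeed/>` drops the `[[Application Security News|Older news...]]` link that closed the old list; if the feed tag does not render an archive link itself, keep that line so readers can still reach the older items.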
This news feed is moderated by OWASP and will feature high-quality posts focused on application security that advance the field, provide useful insight, or are useful educational resources.