| (96 intermediate revisions by 5 users not shown) |
| Line 1: |
Line 1: |
| − | <!-- | + | <IfLanguage Is="en"> |
| − | ; '''Mon ## - [http://link Snarky headline]'''
| + | This news feed is moderated by OWASP and will feature high-quality posts focused on application security that advance the field, provide useful insight, or are useful educational resources. |
| − | : Comment or "Quote"
| + | </IfLanguage> |
| − | -->
| + | <IfLanguage Is="es"> |
| | + | Estas noticias son moderadas por OWASP y mostrarán publicaciónes de alta calidad enfocadas en seguridad de aplicaciones de avanzada, proveen razonamiento profundo o son recursos educativos útiles. |
| | + | </IfLanguage> |
| | | | |
| − | ; '''Jul 5 - [http://www-128.ibm.com/developerworks/library/j-ajax4/index.html?ca=dnw-723 Just because it's AJAX doesn't mean you don't need input validation]'''
| + | <owaspfeed/> |
| − | : "Google Web Toolkit's conflation of client-side and server-side code is inherently dangerous. Because you program everything in the Java language, with GWT's abstraction concealing the client/server split, it's easy to be misled into thinking that your client-side code can be trusted at run time. This is a mistake. Any code that executes in a Web browser can be tampered with, or bypassed completely, by a malicious user."
| |
| − | | |
| − | ; '''Jul 3 - [http://www.cio.com/archive/070106/tl_privacy.html FTC throws Nations Holding into the briar patch]'''
| |
| − | : This is an outrage. Companies can now continue to play fast and loose with people's data, safe in the knowledge that their only penalty will be to do stuff they ought to be doing anyway. Thanks FTC.
| |
| − | | |
| − | ; '''Jul 2 - [http://software.ericsink.com/articles/Four_Questions.html The voodoo economics of code]'''
| |
| − | : "The six billion people of the world can be divided into two groups: (1) People who know why every good software company ships products with known bugs. (2) People who don't. Those of us in group 1 tend to forget what life was like before our youthful optimism was spoiled by reality. Sometimes we encounter a person in group 2, perhaps a new hire on the team or even a customer. They are shocked that any software company would ever ship a product before every last bug is fixed."
| |
| − | | |
| − | ; '''Jun 26 - [http://www.infoworld.com/article/06/06/26/79520_26NNpcideadline_1.html?source=NLC-SEC2006-06-26 PCI update coming]'''
| |
| − | : "Track data from magnetic strips isn’t necessary to process credit card transactions but is valuable to hackers and identity thieves because it can be used to make counterfeit cards, said Avivah Litan, an analyst at Gartner. The data is often automatically saved by payment applications because developers assumed it was needed. In fact, many merchants may be unaware that their payment applications collect and cache the track data, leaving the data unprotected while giving the merchant a misplaced sense of security, Visa’s Elliott said."
| |
| − | | |
| − | ; [[Application Security News|Older news...]]
| |
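Review bot: The added Spanish block misspells "publicaciónes" (it should be "publicaciones", without the accent), and its wording drifts from the English text it mirrors: "enfocadas en seguridad de aplicaciones de avanzada, proveen razonamiento profundo" does not say that the posts advance the field or provide useful insight. Suggest aligning it with the English sentence, for example "publicaciones de alta calidad enfocadas en seguridad de aplicaciones que hagan avanzar el campo, aporten una perspectiva útil o sean recursos educativos útiles". The same change removes the [[Application Security News|Older news...]] line, so this page no longer links to the older-news archive; consider keeping that link below <owaspfeed/>.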
Latest revision as of 15:30, 6 May 2012
This news feed is moderated by OWASP and will feature high-quality posts focused on application security that advance the field, provide useful insight, or are useful educational resources.
<owaspfeed/>