|
|
| (82 intermediate revisions by 5 users not shown) |
| Line 1: |
Line 1: |
| − | <!-- | + | <IfLanguage Is="en"> |
| − | ; '''Mon ## - [http://www.artima.com/weblogs/viewpost.jsp?thread=168511 Give offensive coding a try...]'''
| + | This news feed is moderated by OWASP and will feature high-quality posts focused on application security that advance the field, provide useful insight, or are useful educational resources. |
| − | : Comment or "Quote"
| + | </IfLanguage> |
| − | -->
| + | <IfLanguage Is="es"> |
| | + | Estas noticias son moderadas por OWASP y mostrarán publicaciónes de alta calidad enfocadas en seguridad de aplicaciones de avanzada, proveen razonamiento profundo o son recursos educativos útiles. |
| | + | </IfLanguage> |
| | | | |
| − | ; '''Jul 18 - [http://www.fortifysoftware.com/reports/threatreport.jsp Fortify study shows raging storm]'''
| + | <owaspfeed/> |
| − | : "On average, 50%-70% of attacks experienced by web applications come from bots and bot networks searching for known vulnerabilities...The effect is much like a storm raging over a landscape – the probes are sprayed throughout the Internet and ceaselessly (and somewhat randomly) hit web applications."
| |
| − | | |
| − | ; '''Jul 18 - [http://pestilenz.org/cgi-bin/blosxom.cgi/2005/11/11 Think liability for vendors will work? Try unreliable programming]'''
| |
| − | : Imagine there was liability for software vendors. They would introduce "an interesting new paradigm of programming. Methods of this school of programming could include: Do something random, procrastination, decoy, blame someone else, and Inject errors in other running programs."
| |
| − | | |
| − | ; '''Jul 17 - [http://link Give offensive coding a try]'''
| |
| − | : "Spurious null checks are a symptom of bad code. That’s not to say that null checks are wrong. If a vendor gives you a library that can return null, you’re obliged to check for null. And, if people are passing null all over the place in your code, it makes sense to keep putting some null checks in, but, you know what? That just means that you’re dealing with bad code"
| |
| − | | |
| − | ; '''Jul 12 - [http://googleresearch.blogspot.com/2006/06/extra-extra-read-all-about-it-nearly.html Beware integer overflow in Java]'''
| |
| − | : Joshua Bloch (of Java Puzzlers fame) discovered this [[Integer overflow|overflow]] that affects Arrays.binarySearch() and any other divide-and-conquer algorithms (probably other languages as well). "The general lesson that I take away from this bug is humility: It is hard to write even the smallest piece of code correctly, and our whole world runs on big, complex pieces of code."
| |
| − | | |
| − | ; [[Application Security News|Older news...]]
| |
Latest revision as of 15:30, 6 May 2012
This news feed is moderated by OWASP and will feature high-quality posts focused on application security that advance the field, provide useful insight, or are useful educational resources.
<owaspfeed/>
