| (80 intermediate revisions by 5 users not shown) |
| Line 1: |
Line 1: |
| − | <!-- | + | <IfLanguage Is="en"> |
| − | ; '''Mon ## - [http://www.artima.com/weblogs/viewpost.jsp?thread=168511 Give offensive coding a try...]'''
| + | This news feed is moderated by OWASP and will feature high-quality posts focused on application security that advance the field, provide useful insight, or are useful educational resources. |
| − | : Comment or "Quote"
| + | </IfLanguage> |
| − | -->
| + | <IfLanguage Is="es"> |
| | + | Estas noticias son moderadas por OWASP y mostrarán publicaciónes de alta calidad enfocadas en seguridad de aplicaciones de avanzada, proveen razonamiento profundo o son recursos educativos útiles. |
| | + | </IfLanguage> |
| | | | |
| − | ; '''Jul 18 - [http://news.com.com/Symantec+sees+an+Achilles+heel+in+Vista/2100-7355_3-6095119.html?tag=nefd.lede Symantec deflowers Vista]'''
| + | <owaspfeed/> |
| − | : "Microsoft has removed a large body of tried and tested code and replaced it with freshly written code, complete with new corner cases and defects...Vista is one of the most important technologies that will be released over the next year, and people should understand the ramifications of a virgin network stack."
| |
| − | | |
| − | ; '''Jul 18 - [http://www.networkworld.com/news/2006/071006-visa-security.html?page=4 PCI to require security code reviews]'''
| |
| − | : "The way the standard reads today, all provisions are treated equally, Litan says. She expects PCI's creators may address some prioritization issues in an updated version of the standard, which could be completed by the end of the summer or this fall. The upgraded standard also is expected to contain new provisions for conducting software code reviews."
| |
| − | | |
| − | ; '''Jul 18 - [http://www.fortifysoftware.com/reports/threatreport.jsp Fortify study shows raging storm]'''
| |
| − | : "On average, 50%-70% of attacks experienced by web applications come from bots and bot networks searching for known vulnerabilities...The effect is much like a storm raging over a landscape – the probes are sprayed throughout the Internet and ceaselessly (and somewhat randomly) hit web applications."
| |
| − | | |
| − | ; '''Jul 18 - [http://pestilenz.org/cgi-bin/blosxom.cgi/2005/11/11 Think liability for vendors will work? Try unreliable programming]'''
| |
| − | : Imagine there was liability for software vendors. They would introduce "an interesting new paradigm of programming. Methods of this school of programming could include: Do something random, procrastination, decoy, blame someone else, and Inject errors in other running programs."
| |
| − | | |
| − | ; '''Jul 17 - [http://link Give offensive coding a try]'''
| |
| − | : "Spurious null checks are a symptom of bad code. That’s not to say that null checks are wrong. If a vendor gives you a library that can return null, you’re obliged to check for null. And, if people are passing null all over the place in your code, it makes sense to keep putting some null checks in, but, you know what? That just means that you’re dealing with bad code"
| |
| − | | |
| − | ; '''Jul 12 - [http://googleresearch.blogspot.com/2006/06/extra-extra-read-all-about-it-nearly.html Beware integer overflow in Java]'''
| |
| − | : Joshua Bloch (of Java Puzzlers fame) discovered this [[Integer overflow|overflow]] that affects Arrays.binarySearch() and any other divide-and-conquer algorithms (probably other languages as well). "The general lesson that I take away from this bug is humility: It is hard to write even the smallest piece of code correctly, and our whole world runs on big, complex pieces of code."
| |
| − | | |
| − | ; [[Application Security News|Older news...]]
| |
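Review bot: The Spanish text added inside `<IfLanguage Is="es">` does not match the English it is meant to mirror: "publicaciónes" is misspelled (should be "publicaciones"), and "enfocadas en seguridad de aplicaciones de avanzada, proveen razonamiento profundo" reads as "focused on advanced application security, provide deep reasoning" rather than "posts focused on application security that advance the field, provide useful insight"; suggest something like "publicaciones de alta calidad sobre seguridad de aplicaciones que hagan avanzar el campo, aporten ideas útiles o sean recursos educativos útiles". Separately, the removed block ended with `; [[Application Security News|Older news...]]`, and nothing in the added lines replaces it, so the hand-curated archive is no longer reachable from this page once `<owaspfeed/>` takes over; consider keeping that link below the feed tag.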
This news feed is moderated by OWASP and will feature high-quality posts focused on application security that advance the field, provide useful insight, or are useful educational resources.