|
|
| (76 intermediate revisions by 5 users not shown) |
| Line 1: |
Line 1: |
| − | <!-- | + | <IfLanguage Is="en"> |
| − | ; '''Mon ## - [http://www.artima.com/weblogs/viewpost.jsp?thread=168511 Give offensive coding a try...]'''
| + | This news feed is moderated by OWASP and will feature high-quality posts focused on application security that advance the field, provide useful insight, or are useful educational resources. |
| − | : Comment or "Quote"
| + | </IfLanguage> |
| − | -->
| + | <IfLanguage Is="es"> |
| | + | Estas noticias son moderadas por OWASP y mostrarán publicaciónes de alta calidad enfocadas en seguridad de aplicaciones de avanzada, proveen razonamiento profundo o son recursos educativos útiles. |
| | + | </IfLanguage> |
| | | | |
| − | ; '''Jul 24 - [http://www.theregister.co.uk/2006/07/22/bug_hunters_crawl_over_ms_office/page3.html Fuzzing comes of age]'''
| + | <owaspfeed/> |
| − | : "In fact, fuzzing tools appear to be the source of the deluge of Office flaws. Once considered a crutch for the lowest form of code hacker - the much-denigrated "script kiddie" - data-fuzzing tools have gained stature to now be considered an efficient way to find vulnerabilities, especially obscure ones."
| |
| − | | |
| − | ; '''Jul 20 - [http://news.netcraft.com/archives/2006/07/20/paypal_xss_exploit_available_for_two_years.html PayPal challenges Oracle for longest time-to-fix]'''
| |
| − | : Daring people to sue for negligence, PayPal ignored a 2004 notification of a "[[cross Site Scripting|cross site scripting]] attack that affected donation pages for suspended users." This "is the exact method exploited by the phishing attack in June 2006."
| |
| − | | |
| − | ; '''Jul 19 - [http://www.marketwatch.com/news/story/story.aspx?guid=96D9742BE5B8439A8BD982A419203182&siteid=mktw&dist=nbk&print=true&dist=printTop SQL injection flood reported]'''
| |
| − | : "From January through March, we blocked anywhere from 100 to 200 [[SQL Injection]] attacks per day. As of April, we have seen that number jump from 1,000 to 4,000 to 8,000 per day...The majority of the attacks are coming from overseas, and although we certainly see a higher volume with other types of attacks, what makes the [[SQL Injection]] exploits so worrisome is that they are often indicative of a targeted attack."
| |
| − | | |
| − | ; '''Jul 18 - [http://news.com.com/Symantec+sees+an+Achilles+heel+in+Vista/2100-7355_3-6095119.html?tag=nefd.lede Symantec deflowers Vista]'''
| |
| − | : "Microsoft has removed a large body of tried and tested code and replaced it with freshly written code, complete with new corner cases and defects...Vista is one of the most important technologies that will be released over the next year, and people should understand the ramifications of a virgin network stack."
| |
| − | | |
| − | ; '''Jul 18 - [http://www.networkworld.com/news/2006/071006-visa-security.html?page=4 PCI to require security code reviews]'''
| |
| − | : "The way the standard reads today, all provisions are treated equally, Litan says. She expects PCI's creators may address some prioritization issues in an updated version of the standard, which could be completed by the end of the summer or this fall. The upgraded standard also is expected to contain new provisions for conducting software code reviews."
| |
| − | | |
| − | ; [[Application Security News|Older news...]]
| |
This news feed is moderated by OWASP and will feature high-quality posts focused on application security that advance the field, provide useful insight, or are useful educational resources.
