This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "Template:Application Security News"

From OWASP
(72 intermediate revisions by 5 users not shown)
Line 1: Line 1:
<!--
+
<IfLanguage Is="en">
; '''Mon ## - [http://www.artima.com/weblogs/viewpost.jsp?thread=168511 Give offensive coding a try...]'''
+
This news feed is moderated by OWASP and will feature high-quality posts focused on application security that advance the field, provide useful insight, or are useful educational resources.
: Comment or "Quote"
+
</IfLanguage>
-->
+
<IfLanguage Is="es">
 +
Estas noticias son moderadas por OWASP y mostrarán publicaciónes de alta calidad enfocadas en seguridad de aplicaciones de avanzada, proveen razonamiento profundo o son recursos educativos útiles.
 +
</IfLanguage>
  
; '''Jul 31 - [http://www.newsfactor.com/story.xhtml?story_id=121003Y635KX&page=3 PCI revisions - code review is coming]'''
+
<owaspfeed/>
: "...PCI's creators may address some prioritization issues in an updated version of the standard, which could be completed by the end of the summer or this fall. The upgraded standard also is expected to contain new provisions for conducting '''[[:Category:OWASP Code Review Project|software code reviews]]''', identifying all outside parties involved in payment transactions and ensuring merchant data in hosted environments is adequately partitioned.
 
 
 
; '''Jul 28 - [http://www.spidynamics.com/spilabs/education/articles/JS-portscan.html Major JavaScript vulnerabilty documented]'''
 
: "SPI Dynamics has published documentation and a live exploit of a significant javascript flaw.  This appears to be a fundemental flaw in the scripting language and it impacts at least all IE browsers."
 
 
 
; '''Jul 28 - [http://www.f-secure.com/weblog/archives/archive-072006.html#00000930 Web application worms]'''
 
: "We picked two among the top social networking sites with a reported combined user base of 80 million. Within half an hour we had discovered over half a dozen potentially "wormable" [[XSS]] vulnerabilities in each site! We stopped looking after finding half a dozen, but we are sure there are a lot more holes in there. With about a day's work a malicious attacker with a half-decent knowledge of javascript could create a worm using just one of these vulnerabilities."
 
 
 
; '''Jul 26 - [http://www.gcn.com/print/25_21/41397-1.html Government agency wake up call]'''
 
: The [[OWASP Top Ten]] was originally drafted with government in mind, but most agencies have steadfastly ignored the risk. "Instead of relying on firewalls, IDSes and compliance teams preparing documents, leaders within organizations need to put new emphasis on a secure software development lifecycle."
 
 
 
; '''Jul 24 - [http://www.theregister.co.uk/2006/07/22/bug_hunters_crawl_over_ms_office/page3.html Fuzzing comes of age]'''
 
: "In fact, fuzzing tools appear to be the source of the deluge of Office flaws. Once considered a crutch for the lowest form of code hacker - the much-denigrated "script kiddie" - data-fuzzing tools have gained stature to now be considered an efficient way to find vulnerabilities, especially obscure ones."
 
 
 
; [[Application Security News|Older news...]]
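Review bot: In the added `<IfLanguage Is="es">` block, "publicaciónes" is misspelled (the plural "publicaciones" takes no accent), and the sentence does not parallel the English text in the `<IfLanguage Is="en">` block: "enfocadas en seguridad de aplicaciones de avanzada, proveen razonamiento profundo o son recursos educativos útiles" has no relative clause tying the three criteria to the posts. Suggest rewording along the lines of "publicaciones de alta calidad enfocadas en seguridad de aplicaciones que hagan avanzar el campo, aporten ideas útiles o sean recursos educativos útiles". Separately, the revision drops the "Older news..." link along with the dated entries, so confirm that [[Application Security News]] is still linked from somewhere once only `<owaspfeed/>` remains.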
 

Latest revision as of 15:30, 6 May 2012

This news feed is moderated by OWASP and will feature high-quality posts focused on application security that advance the field, provide useful insight, or are useful educational resources.


<owaspfeed/>