|
|
| (71 intermediate revisions by 5 users not shown) |
| Line 1: |
Line 1: |
| − | <!-- | + | <IfLanguage Is="en"> |
| − | ; '''Mon ## - [http://www.artima.com/weblogs/viewpost.jsp?thread=168511 Give offensive coding a try...]'''
| + | This news feed is moderated by OWASP and will feature high-quality posts focused on application security that advance the field, provide useful insight, or are useful educational resources. |
| − | : Comment or "Quote"
| + | </IfLanguage> |
| − | -->
| + | <IfLanguage Is="es"> |
| | + | Estas noticias son moderadas por OWASP y mostrarán publicaciónes de alta calidad enfocadas en seguridad de aplicaciones de avanzada, proveen razonamiento profundo o son recursos educativos útiles. |
| | + | </IfLanguage> |
| | | | |
| − | ; '''Aug 2 - [http://www.computer.org/portal/site/security/menuitem.6f7b2414551cb84651286b108bcd45f3/index.jsp?&pName=security_level1_article&TheCat=1001&path=security/2006/v4n4&file=basic.xml Michael Howard's code review process]'''
| + | <owaspfeed/> |
| − | : Michael recommends prioritizing, but strangely doesn't use [[threat modeling]] as a way to do it. Still, a great article because... "No one really likes [[:Category:OWASP Code Review Project|reviewing source code]] for security vulnerabilities; it’s slow, tedious, and mind-numbingly boring. Yet, code review is a critical component of shipping secure software to customers. Neglecting it isn’t an option."
| |
| − | | |
| − | ; '''Jul 31 - [http://www.newsfactor.com/story.xhtml?story_id=121003Y635KX&page=3 PCI revisions - code review is coming]'''
| |
| − | : "...PCI's creators may address some prioritization issues in an updated version of the standard, which could be completed by the end of the summer or this fall. The upgraded standard also is expected to contain new provisions for conducting '''[[:Category:OWASP Code Review Project|software code reviews]]''', identifying all outside parties involved in payment transactions and ensuring merchant data in hosted environments is adequately partitioned.
| |
| − | | |
| − | ; '''Jul 28 - [http://www.spidynamics.com/spilabs/education/articles/JS-portscan.html Major JavaScript vulnerabilty documented]'''
| |
| − | : "SPI Dynamics has published documentation and a live exploit of a significant javascript flaw. This appears to be a fundemental flaw in the scripting language and it impacts at least all IE browsers."
| |
| − | | |
| − | ; '''Jul 28 - [http://www.f-secure.com/weblog/archives/archive-072006.html#00000930 Web application worms]'''
| |
| − | : "We picked two among the top social networking sites with a reported combined user base of 80 million. Within half an hour we had discovered over half a dozen potentially "wormable" [[XSS]] vulnerabilities in each site! We stopped looking after finding half a dozen, but we are sure there are a lot more holes in there. With about a day's work a malicious attacker with a half-decent knowledge of javascript could create a worm using just one of these vulnerabilities."
| |
| − | | |
| − | ; [[Application Security News|Older news...]]
| |
Latest revision as of 15:30, 6 May 2012
This news feed is moderated by OWASP and will feature high-quality posts focused on application security that advance the field, provide useful insight, or are useful educational resources.
<owaspfeed/>
