|
|
| (65 intermediate revisions by 5 users not shown) |
| Line 1: |
Line 1: |
| − | ; '''Aug 22 - [http://www.corsaire.com/white-papers/060816-assessing-java-clients-with-the-beanshell.pdf Nifty approach to rich Java client testing]'''
| + | <IfLanguage Is="en"> |
| − | : "The BeanShell provides a convenient means of inspecting and manipulating a Java application during execution. This allows the security tester to bypass security controls on the client and verify the security controls on the server. It also allows for the automation of tedious tests such as brute force testing."
| + | This news feed is moderated by OWASP and will feature high-quality posts focused on application security that advance the field, provide useful insight, or are useful educational resources. |
| | + | </IfLanguage> |
| | + | <IfLanguage Is="es"> |
| | + | Estas noticias son moderadas por OWASP y mostrarán publicaciónes de alta calidad enfocadas en seguridad de aplicaciones de avanzada, proveen razonamiento profundo o son recursos educativos útiles. |
| | + | </IfLanguage> |
| | | | |
| − | ; '''Aug 15 - [http://blog.washingtonpost.com/securityfix/2006/08/crosssite_scripting_flaws_abou.html Yes, you have an XSS problem]'''
| + | <owaspfeed/> |
| − | : The Washington Post lists flaws in sites from Verisign, eEye Digital Security, Cisco Systems F-Secure, Snort.org, National Security Agency, etc... If you're not sure whether you have [[XSS]] problems or not, you probably do. You're compromising your customer's accounts and data. Should the Post be publishing live exploits? We don't think so.
| |
| − | | |
| − | ; '''Aug 14 - [http://www.cio-today.com/story.xhtml?story_id=45124 Ajax threat coming fast]'''
| |
| − | : "We've gone from kids screwing around to criminals looking for ways to make money in less than eight months...Imagine when the same flaws are used to steal money from financial institutions"
| |
| − | | |
| − | ; '''Aug 11 - [http://da.vidnicholson.com/2006/08/analysis-of-hsbc-vulnerability.html HSBC 'vulnerability' all smoke no fire]'''
| |
| − | : "I was put at ease the moment I saw that each article was hinting at the researchers having made an assumption that every target has been infected with a keylogger. A bit of an unreasonable assumption if you ask me, and I think at this point it stops being "news" however the vulnerability is quite interesting..."
| |
| − | | |
| − | ; '''Aug 9 - [http://www.marketwatch.com/news/story/story.aspx?guid=5CF5C1EBCEF64CD18618349227E23AC6&siteid=mktw&dist=nbk ModSecurity rocks WAF competition]'''
| |
| − | : "In the Forrester report ModSecurity was recognized as "the most widely deployed web application firewall," with thousands of installations worldwide."
| |
| − | | |
| − | ; [[Application Security News|Older news...]]
| |
Latest revision as of 15:30, 6 May 2012
This news feed is moderated by OWASP and will feature high-quality posts focused on application security that advance the field, provide useful insight, or are useful educational resources.
<owaspfeed/>
