This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "Template:Application Security News"

From OWASP
Jump to: navigation, search
Line 1: Line 1:
 
<!-- please add stories to the main Application Security News page -->
 
<!-- please add stories to the main Application Security News page -->
 +
 +
; '''Jan 18 - [http://www.securityfocus.com/news/11436?ref=rss Security advice from the devil you know!]
 +
: The devil you know lies. Especially about security flaws. This article notes an increase in vulnerabilities found in open source packages and concludes that... "For the personal sites and the mom-and-pop stores that rely on the software, it certainly affects them," Martin said. "But larger companies likely aren't affected."  Right.
  
 
; '''Jan 18 - [http://jeremiahgrossman.blogspot.com/2007/01/web-application-security-professionals.html  Web Application Security Professionals Survey (Jan. 2007)]'''
 
; '''Jan 18 - [http://jeremiahgrossman.blogspot.com/2007/01/web-application-security-professionals.html  Web Application Security Professionals Survey (Jan. 2007)]'''
: Jeremiah Grossman just released his survey with lots of very interesting data. Make sure you check out section '11) Top 3 web application security resources' which is a nice database of the most popular vulnerability assessment tools and knowledge resources (#1 was RSnake's Blog, and #2 was OWASP :) )
+
: Jeremiah Grossman just released his (unscientific) survey with lots of very interesting data. Make sure you check out section '11) Top 3 web application security resources' which is a nice database of the most popular vulnerability assessment tools and knowledge resources (#1 was RSnake's Blog, and #2 was OWASP :) )
  
 
; '''Jan 18 - [http://www.scmagazine.com/asia/news/article/626120/hackers-attack-moneygram-international-server-breach-personal-info-80000-customers/ Hackers attack MoneyGram International server, breach personal info of 80,000 customers]'''
 
; '''Jan 18 - [http://www.scmagazine.com/asia/news/article/626120/hackers-attack-moneygram-international-server-breach-personal-info-80000-customers/ Hackers attack MoneyGram International server, breach personal info of 80,000 customers]'''
Line 12: Line 15:
 
; '''Jan 3 - [http://www.gnucitizen.org/blog/danger-danger-danger/ XSS in ALL sites with PDF download]'''
 
; '''Jan 3 - [http://www.gnucitizen.org/blog/danger-danger-danger/ XSS in ALL sites with PDF download]'''
 
: Critical XSS flaw that is trivial to exploit here in all but the very latest browsers. Attackers simply have to add a script like #attack=javascript:alert(document.cookie); to ANY URL that ends in .pdf (or streams a PDF). Solution is to not use PDF's or for Adobe to patch the planet.
 
: Critical XSS flaw that is trivial to exploit here in all but the very latest browsers. Attackers simply have to add a script like #attack=javascript:alert(document.cookie); to ANY URL that ends in .pdf (or streams a PDF). Solution is to not use PDF's or for Adobe to patch the planet.
 
; '''Dec 16 - [http://www.cafeaulait.org What IS security critical code?]'''
 
: "It's likely that in most incidents of people being killed as a result of software bugs (or IT systems bugs), the software wasn't thought to be safety-critical at all. For example, a word-processor failing to recognize that a print request has failed, resulting in a patient not getting a letter giving a hospital appointment. Or someone committing suicide because of an incorrect bank statement." Michael Kay on the xml-dev list, 8/17/2005
 
  
 
; [[Application Security News|Older news...]]
 
; [[Application Security News|Older news...]]

Revision as of 21:44, 18 January 2007


Jan 18 - Security advice from the devil you know!
The devil you know lies. Especially about security flaws. This article notes an increase in vulnerabilities found in open source packages and concludes that... "For the personal sites and the mom-and-pop stores that rely on the software, it certainly affects them," Martin said. "But larger companies likely aren't affected." Right.
Jan 18 - Web Application Security Professionals Survey (Jan. 2007)
Jeremiah Grossman just released his (unscientific) survey with lots of very interesting data. Make sure you check out section '11) Top 3 web application security resources' which is a nice database of the most popular vulnerability assessment tools and knowledge resources (#1 was RSnake's Blog, and #2 was OWASP :) )
Jan 18 - Hackers attack MoneyGram International server, breach personal info of 80,000 customers
A MoneyGram International server has been breached, allowing cybercrooks access to the personal information of nearly 80,000 people. Hackers accessed the server through the web sometime last month, the money-transfer company said in a statement released on Friday.
Jan 10 - Vulnerability Disclosure: The Good, the Bad and the Ugly
More than a decade into the practice of vulnerability disclosure, where do we stand? Are we more secure? Or less?, three good articles: Microsoft: Responsible Vulnerability Disclosure Protects Users , Schneier: Full Disclosure of Security Vulnerabilities a ’Damned Good Idea’, The Vulnerability Disclosure Game: Are We More Secure? and The Chilling Effect
Jan 3 - XSS in ALL sites with PDF download
Critical XSS flaw that is trivial to exploit here in all but the very latest browsers. Attackers simply have to add a script like #attack=javascript:alert(document.cookie); to ANY URL that ends in .pdf (or streams a PDF). Solution is to not use PDF's or for Adobe to patch the planet.
Older news...