This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Template:Application Security News"
From OWASP
Line 1: | Line 1: | ||
<!-- please add stories to the main Application Security News page --> | <!-- please add stories to the main Application Security News page --> | ||
+ | |||
+ | ; '''Jan 18 - [http://www.securityfocus.com/news/11436?ref=rss Security advice from the devil you know!] | ||
+ | : The devil you know lies. Especially about security flaws. This article notes an increase in vulnerabilities found in open source packages and concludes that... "For the personal sites and the mom-and-pop stores that rely on the software, it certainly affects them," Martin said. "But larger companies likely aren't affected." Right. | ||
; '''Jan 18 - [http://jeremiahgrossman.blogspot.com/2007/01/web-application-security-professionals.html Web Application Security Professionals Survey (Jan. 2007)]''' | ; '''Jan 18 - [http://jeremiahgrossman.blogspot.com/2007/01/web-application-security-professionals.html Web Application Security Professionals Survey (Jan. 2007)]''' | ||
− | : Jeremiah Grossman just released his survey with lots of very interesting data. Make sure you check out section '11) Top 3 web application security resources' which is a nice database of the most popular vulnerability assessment tools and knowledge resources (#1 was RSnake's Blog, and #2 was OWASP :) ) | + | : Jeremiah Grossman just released his (unscientific) survey with lots of very interesting data. Make sure you check out section '11) Top 3 web application security resources' which is a nice database of the most popular vulnerability assessment tools and knowledge resources (#1 was RSnake's Blog, and #2 was OWASP :) ) |
; '''Jan 18 - [http://www.scmagazine.com/asia/news/article/626120/hackers-attack-moneygram-international-server-breach-personal-info-80000-customers/ Hackers attack MoneyGram International server, breach personal info of 80,000 customers]''' | ; '''Jan 18 - [http://www.scmagazine.com/asia/news/article/626120/hackers-attack-moneygram-international-server-breach-personal-info-80000-customers/ Hackers attack MoneyGram International server, breach personal info of 80,000 customers]''' | ||
Line 12: | Line 15: | ||
; '''Jan 3 - [http://www.gnucitizen.org/blog/danger-danger-danger/ XSS in ALL sites with PDF download]''' | ; '''Jan 3 - [http://www.gnucitizen.org/blog/danger-danger-danger/ XSS in ALL sites with PDF download]''' | ||
: Critical XSS flaw that is trivial to exploit here in all but the very latest browsers. Attackers simply have to add a script like #attack=javascript:alert(document.cookie); to ANY URL that ends in .pdf (or streams a PDF). Solution is to not use PDF's or for Adobe to patch the planet. | : Critical XSS flaw that is trivial to exploit here in all but the very latest browsers. Attackers simply have to add a script like #attack=javascript:alert(document.cookie); to ANY URL that ends in .pdf (or streams a PDF). Solution is to not use PDF's or for Adobe to patch the planet. | ||
− | |||
− | |||
− | |||
; [[Application Security News|Older news...]] | ; [[Application Security News|Older news...]] |
Revision as of 21:44, 18 January 2007
- Jan 18 - Security advice from the devil you know!
- The devil you know lies. Especially about security flaws. This article notes an increase in vulnerabilities found in open source packages and concludes that... "For the personal sites and the mom-and-pop stores that rely on the software, it certainly affects them," Martin said. "But larger companies likely aren't affected." Right.
- Jan 18 - Web Application Security Professionals Survey (Jan. 2007)
- Jeremiah Grossman just released his (unscientific) survey with lots of very interesting data. Make sure you check out section '11) Top 3 web application security resources' which is a nice database of the most popular vulnerability assessment tools and knowledge resources (#1 was RSnake's Blog, and #2 was OWASP :) )
- Jan 18 - Hackers attack MoneyGram International server, breach personal info of 80,000 customers
- A MoneyGram International server has been breached, allowing cybercrooks access to the personal information of nearly 80,000 people. Hackers accessed the server through the web sometime last month, the money-transfer company said in a statement released on Friday.
- Jan 10 - Vulnerability Disclosure: The Good, the Bad and the Ugly
- More than a decade into the practice of vulnerability disclosure, where do we stand? Are we more secure? Or less?, three good articles: Microsoft: Responsible Vulnerability Disclosure Protects Users , Schneier: Full Disclosure of Security Vulnerabilities a ’Damned Good Idea’, The Vulnerability Disclosure Game: Are We More Secure? and The Chilling Effect
- Jan 3 - XSS in ALL sites with PDF download
- Critical XSS flaw that is trivial to exploit here in all but the very latest browsers. Attackers simply have to add a script like #attack=javascript:alert(document.cookie); to ANY URL that ends in .pdf (or streams a PDF). Solution is to not use PDF's or for Adobe to patch the planet.