Difference between revisions of "Template:Application Security News"

From OWASP
Line 1: Line 1:
 
<!-- please add stories to the main Application Security News page -->
 
<!-- please add stories to the main Application Security News page -->
 +
 +
; '''Jan 22 - Also worth a read:
 +
: [http://sylvanvonstuppe.blogspot.com/2007/01/rude-awakening.html A Rude Awakening] , [http://sylvanvonstuppe.blogspot.com/2007/01/rude-awakening.html Making Security Rewarding] [http://www.onjava.com/lpt/a/6844 Discovering a Java Application's Security Requirements], [http://www.darkreading.com/document.asp?doc_id=115110&WT.svl=news1_1 Security Startups Make Debut], [http://www.eweek.com/article2/0,1895,2085461,00.asp Source Code Specialist Fortify to Buy Secure Software] , [http://myappsecurity.blogspot.com/2007/01/ajax-sniffer-prrof-of-concept.html Ajax Sniffer - Prrof of concept], [http://portal.spidynamics.com/blogs/msutton/ Decoding the Google Blacklist], [http://newsroom.eworldwire.com/view_release.php?id=16273 Visual WebGui Announces The Dot.Net Answer To Google's GWT],
  
 
; '''Jan 18 - [http://www.securityfocus.com/news/11436?ref=rss Don't take security advice from the devil you know!]
 
; '''Jan 18 - [http://www.securityfocus.com/news/11436?ref=rss Don't take security advice from the devil you know!]
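Review bot: in the added Jan 22 list, "Making Security Rewarding" points at the same URL as "A Rude Awakening" (.../2007/01/rude-awakening.html), so one of the two links most likely has the wrong target and should be checked against the intended post. The same added line is missing a comma between that link and "Discovering a Java Application's Security Requirements", has stray spaces before two of its commas, spells "Prrof" in the Ajax Sniffer title, and ends with a trailing comma. The added heading opens ''' without closing it; that matches the existing Jan 18 entry, but it leaves the bold markup unbalanced.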

Revision as of 03:41, 23 January 2007


Jan 22 - Also worth a read:
A Rude Awakening, Making Security Rewarding, Discovering a Java Application's Security Requirements, Security Startups Make Debut, Source Code Specialist Fortify to Buy Secure Software, Ajax Sniffer - Proof of concept, Decoding the Google Blacklist, Visual WebGui Announces The Dot.Net Answer To Google's GWT
Jan 18 - Don't take security advice from the devil you know!
He lies. Especially about security flaws. This article notes an increase in vulnerabilities found in open source packages and concludes that... "For the personal sites and the mom-and-pop stores that rely on the software, it certainly affects them," Martin said. "But larger companies likely aren't affected." Right.
Jan 18 - Web Application Security Professionals Survey (Jan. 2007)
Jeremiah Grossman just released his (unscientific) survey with lots of very interesting data. Make sure you check out section '11) Top 3 web application security resources' which is a nice database of the most popular vulnerability assessment tools and knowledge resources (#1 was RSnake's Blog, and #2 was OWASP :) )
Jan 18 - Hackers attack MoneyGram International server, breach personal info of 80,000 customers
A MoneyGram International server has been breached, allowing cybercrooks access to the personal information of nearly 80,000 people. Hackers accessed the server through the web sometime last month, the money-transfer company said in a statement released on Friday.
Jan 10 - Vulnerability Disclosure: The Good, the Bad and the Ugly
More than a decade into the practice of vulnerability disclosure, where do we stand? Are we more secure? Or less? Three good articles: Microsoft: Responsible Vulnerability Disclosure Protects Users, Schneier: Full Disclosure of Security Vulnerabilities a 'Damned Good Idea', The Vulnerability Disclosure Game: Are We More Secure? and The Chilling Effect
Jan 3 - XSS in ALL sites with PDF download
Critical XSS flaw that is trivial to exploit here in all but the very latest browsers. Attackers simply have to add a script like #attack=javascript:alert(document.cookie); to ANY URL that ends in .pdf (or streams a PDF). The solution is to not use PDFs or for Adobe to patch the planet.
Older news...