This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Template:Application Security News"
From OWASP
Line 1: | Line 1: | ||
<!-- please add stories to the main Application Security News page --> | <!-- please add stories to the main Application Security News page --> | ||
+ | |||
+ | ; '''Jan 22 - Also worth a read: | ||
+ | : [http://sylvanvonstuppe.blogspot.com/2007/01/rude-awakening.html A Rude Awakening] , [http://sylvanvonstuppe.blogspot.com/2007/01/rude-awakening.html Making Security Rewarding] [http://www.onjava.com/lpt/a/6844 Discovering a Java Application's Security Requirements], [http://www.darkreading.com/document.asp?doc_id=115110&WT.svl=news1_1 Security Startups Make Debut], [http://www.eweek.com/article2/0,1895,2085461,00.asp Source Code Specialist Fortify to Buy Secure Software] , [http://myappsecurity.blogspot.com/2007/01/ajax-sniffer-prrof-of-concept.html Ajax Sniffer - Prrof of concept], [http://portal.spidynamics.com/blogs/msutton/ Decoding the Google Blacklist], [http://newsroom.eworldwire.com/view_release.php?id=16273 Visual WebGui Announces The Dot.Net Answer To Google's GWT], | ||
; '''Jan 18 - [http://www.securityfocus.com/news/11436?ref=rss Don't take security advice from the devil you know!] | ; '''Jan 18 - [http://www.securityfocus.com/news/11436?ref=rss Don't take security advice from the devil you know!] |
Revision as of 03:41, 23 January 2007
- Jan 22 - Also worth a read:
- A Rude Awakening , Making Security Rewarding Discovering a Java Application's Security Requirements, Security Startups Make Debut, Source Code Specialist Fortify to Buy Secure Software , Ajax Sniffer - Prrof of concept, Decoding the Google Blacklist, Visual WebGui Announces The Dot.Net Answer To Google's GWT,
- Jan 18 - Don't take security advice from the devil you know!
- He lies. Especially about security flaws. This article notes an increase in vulnerabilities found in open source packages and concludes that... "For the personal sites and the mom-and-pop stores that rely on the software, it certainly affects them," Martin said. "But larger companies likely aren't affected." Right.
- Jan 18 - Web Application Security Professionals Survey (Jan. 2007)
- Jeremiah Grossman just released his (unscientific) survey with lots of very interesting data. Make sure you check out section '11) Top 3 web application security resources' which is a nice database of the most popular vulnerability assessment tools and knowledge resources (#1 was RSnake's Blog, and #2 was OWASP :) )
- Jan 18 - Hackers attack MoneyGram International server, breach personal info of 80,000 customers
- A MoneyGram International server has been breached, allowing cybercrooks access to the personal information of nearly 80,000 people. Hackers accessed the server through the web sometime last month, the money-transfer company said in a statement released on Friday.
- Jan 10 - Vulnerability Disclosure: The Good, the Bad and the Ugly
- More than a decade into the practice of vulnerability disclosure, where do we stand? Are we more secure? Or less?, three good articles: Microsoft: Responsible Vulnerability Disclosure Protects Users , Schneier: Full Disclosure of Security Vulnerabilities a ’Damned Good Idea’, The Vulnerability Disclosure Game: Are We More Secure? and The Chilling Effect
- Jan 3 - XSS in ALL sites with PDF download
- Critical XSS flaw that is trivial to exploit here in all but the very latest browsers. Attackers simply have to add a script like #attack=javascript:alert(document.cookie); to ANY URL that ends in .pdf (or streams a PDF). Solution is to not use PDF's or for Adobe to patch the planet.