Difference between revisions of "Template:Application Security News"

Revision as of 01:22, 28 May 2006

May 25- Custom escaping considered harmful: "Applications using 'ad-hoc methods to "escape" strings going into the database, such as regexes, or PHP3's addslashes() and magic_quotes' are particularly unsafe. Since these bypass database-specific code for safe handling of strings, many such applications will need to be re-written to become secure."

May 22 - Oracle teaches developers security: "We track the security training completion status of each developer and provide regular reports on training compliance to development management and to senior corporate management to ensure a level of security training is maintained in each organization."

@@ Line 1: / Line 1: @@
-; '''25 May - [http://www.newsforge.com/article.pl?sid=06/05/23/2141246 Custom escaping considered harmful]'''
+; '''May 25- [http://www.newsforge.com/article.pl?sid=06/05/23/2141246 Custom escaping considered harmful]'''
 : "Applications using 'ad-hoc methods to "escape" strings going into the database, such as regexes, or PHP3's addslashes() and magic_quotes' are particularly unsafe. Since these bypass database-specific code for safe handling of strings, many such applications will need to be re-written to become secure."
-; '''22 May - [http://www.cioupdate.com/article.php/3608391 Oracle teaches developers security]'''
+; '''May 22 - [http://www.cioupdate.com/article.php/3608391 Oracle teaches developers security]'''
 : "We track the security training completion status of each developer and provide regular reports on training compliance to development management and to senior corporate management to ensure a level of security training is maintained in each organization."
 <!--
-; '''## Mon - [http://link Snarky headline]'''
+; '''Mon ## - [http://link Snarky headline]'''
 : "Quote"
 -->