This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Template:Application Security News"
From OWASP
| Line 1: | Line 1: | ||
| + | ; '''Jun 1 - [http://www.securitypark.co.uk/article.asp?articleid=25401&CategoryID=1 Coders too cool for school?]''' | ||
| + | : "Keep the flaws out from the beginning and you have bought yourself several pounds of prevention. Baking security in up front is logical and makes good technical and business sense; however, getting your developers on board with security training is not necessarily going to be an easy task." | ||
| + | |||
; '''Mar 29 - [http://news.com.com/Oracle+exec+hits+out+at+patch+mentality/2100-7355_3-6077349.html?tag=nl Oracle's Davidson blowing steam]''' | ; '''Mar 29 - [http://news.com.com/Oracle+exec+hits+out+at+patch+mentality/2100-7355_3-6077349.html?tag=nl Oracle's Davidson blowing steam]''' | ||
: "The pressure to deal with the problem of unreliable and insecure software is building, and the industry has reached a tipping point...it is now chief executives who are complaining that what they are getting from their vendor is not acceptable in terms of software assurance." She also argues that Brits make good hackers because they have criminal behavior. | : "The pressure to deal with the problem of unreliable and insecure software is building, and the industry has reached a tipping point...it is now chief executives who are complaining that what they are getting from their vendor is not acceptable in terms of software assurance." She also argues that Brits make good hackers because they have criminal behavior. | ||
| Line 5: | Line 8: | ||
: "Applications using 'ad-hoc methods to "escape" strings going into the database, such as regexes, or PHP3's addslashes() and magic_quotes' are particularly unsafe. Since these bypass database-specific code for safe handling of strings, many such applications will need to be re-written to become secure." | : "Applications using 'ad-hoc methods to "escape" strings going into the database, such as regexes, or PHP3's addslashes() and magic_quotes' are particularly unsafe. Since these bypass database-specific code for safe handling of strings, many such applications will need to be re-written to become secure." | ||
| − | ; | + | ; [[Application Security News|Older news...]] |
| − | |||
<!-- | <!-- | ||
Revision as of 23:38, 1 June 2006
- Jun 1 - Coders too cool for school?
- "Keep the flaws out from the beginning and you have bought yourself several pounds of prevention. Baking security in up front is logical and makes good technical and business sense; however, getting your developers on board with security training is not necessarily going to be an easy task."
- Mar 29 - Oracle's Davidson blowing steam
- "The pressure to deal with the problem of unreliable and insecure software is building, and the industry has reached a tipping point...it is now chief executives who are complaining that what they are getting from their vendor is not acceptable in terms of software assurance." She also argues that Brits make good hackers because they have criminal behavior.
- May 25- Custom escaping considered harmful
- "Applications using 'ad-hoc methods to "escape" strings going into the database, such as regexes, or PHP3's addslashes() and magic_quotes' are particularly unsafe. Since these bypass database-specific code for safe handling of strings, many such applications will need to be re-written to become secure."
