
Difference between revisions of "Template:Application Security News"

From OWASP
Line 3: Line 3:
 
: Comment or "Quote"
 
: Comment or "Quote"
 
-->
 
-->
 +
 +
; '''Jul 3 - [http://www.cio.com/archive/070106/tl_privacy.html FTC throws Nations Holding into the briar patch]'''
 +
: This is an outrage. Companies can now continue to play fast and loose with people's data, safe in the knowledge that their only penalty will be to do stuff they ought to be doing anyway. Thanks FTC.
  
 
; '''Jul 2 - [http://software.ericsink.com/articles/Four_Questions.html The voodoo economics of code]'''
 
; '''Jul 2 - [http://software.ericsink.com/articles/Four_Questions.html The voodoo economics of code]'''

Revision as of 22:48, 3 July 2006


Jul 3 - FTC throws Nations Holding into the briar patch
This is an outrage. Companies can now continue to play fast and loose with people's data, safe in the knowledge that their only penalty will be to do stuff they ought to be doing anyway. Thanks FTC.
Jul 2 - The voodoo economics of code
"The six billion people of the world can be divided into two groups: (1) People who know why every good software company ships products with known bugs. (2) People who don't. Those of us in group 1 tend to forget what life was like before our youthful optimism was spoiled by reality. Sometimes we encounter a person in group 2, perhaps a new hire on the team or even a customer. They are shocked that any software company would ever ship a product before every last bug is fixed."
Jun 26 - PCI update coming
"Track data from magnetic strips isn’t necessary to process credit card transactions but is valuable to hackers and identity thieves because it can be used to make counterfeit cards, said Avivah Litan, an analyst at Gartner. The data is often automatically saved by payment applications because developers assumed it was needed. In fact, many merchants may be unaware that their payment applications collect and cache the track data, leaving the data unprotected while giving the merchant a misplaced sense of security, Visa’s Elliott said."
Jun 24 - SOA Security Architect Interviews OWASP Chair Jeff Williams
SOA Security Architect interviews Jeff Williams on OWASP and SOA security. Jeff answers questions about SOA security, talks about the limitations of SOA appliances, and the future of WS Security and web services. "They think that they are getting 80% protection, but they really aren’t. I think the false sense of security is the most dangerous risk of using these appliances. The same sort of thing applies to using application scanning technologies."
Jun 23 - Citibank wrestles with XSS
On the same day that Neosmart makes the ridiculous claim that XSS is not a vulnerability, a hacker has highlighted an XSS flaw in citibank.com and claims dozens more major sites have similar problems. It's not rocket science, but of course it's a vulnerability.
Jun 19 - Analyst research discovers that hackers go for low hanging fruit
The trend continues - fewer overall security breaches, and more web-related attacks (12%). "Internet-enabled software applications, especially custom applications, present the most common security risk encountered today," said John Andrews, President, Evans Data. "Overall we're witnessing better software security practices early in the software lifecycle, which is positively affecting overall security breaches."
Older news...