This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Template:Application Security News"
From OWASP
| Line 6: | Line 6: | ||
; '''Jul 31 - [http://www.newsfactor.com/story.xhtml?story_id=121003Y635KX&page=3 PCI revisions - code review is coming]''' | ; '''Jul 31 - [http://www.newsfactor.com/story.xhtml?story_id=121003Y635KX&page=3 PCI revisions - code review is coming]''' | ||
: "...PCI's creators may address some prioritization issues in an updated version of the standard, which could be completed by the end of the summer or this fall. The upgraded standard also is expected to contain new provisions for conducting '''[[:Category:OWASP Code Review Project|software code reviews]]''', identifying all outside parties involved in payment transactions and ensuring merchant data in hosted environments is adequately partitioned. | : "...PCI's creators may address some prioritization issues in an updated version of the standard, which could be completed by the end of the summer or this fall. The upgraded standard also is expected to contain new provisions for conducting '''[[:Category:OWASP Code Review Project|software code reviews]]''', identifying all outside parties involved in payment transactions and ensuring merchant data in hosted environments is adequately partitioned. | ||
| + | |||
| + | ; '''Jul 28 - [http://www.spidynamics.com/spilabs/education/articles/JS-portscan.html Major JavaScript vulnerabilty documented]''' | ||
| + | : "SPI Dynamics has published documentation and a live exploit of a significant javascript flaw. This appears to be a fundemental flaw in the scripting language and it impacts at least all IE browsers." | ||
; '''Jul 28 - [http://www.f-secure.com/weblog/archives/archive-072006.html#00000930 Web application worms]''' | ; '''Jul 28 - [http://www.f-secure.com/weblog/archives/archive-072006.html#00000930 Web application worms]''' | ||
Revision as of 16:10, 3 August 2006
- Jul 31 - PCI revisions - code review is coming
- "...PCI's creators may address some prioritization issues in an updated version of the standard, which could be completed by the end of the summer or this fall. The upgraded standard also is expected to contain new provisions for conducting software code reviews, identifying all outside parties involved in payment transactions and ensuring merchant data in hosted environments is adequately partitioned.
- Jul 28 - Major JavaScript vulnerabilty documented
- "SPI Dynamics has published documentation and a live exploit of a significant javascript flaw. This appears to be a fundemental flaw in the scripting language and it impacts at least all IE browsers."
- Jul 28 - Web application worms
- "We picked two among the top social networking sites with a reported combined user base of 80 million. Within half an hour we had discovered over half a dozen potentially "wormable" XSS vulnerabilities in each site! We stopped looking after finding half a dozen, but we are sure there are a lot more holes in there. With about a day's work a malicious attacker with a half-decent knowledge of javascript could create a worm using just one of these vulnerabilities."
- Jul 26 - Government agency wake up call
- The OWASP Top Ten was originally drafted with government in mind, but most agencies have steadfastly ignored the risk. "Instead of relying on firewalls, IDSes and compliance teams preparing documents, leaders within organizations need to put new emphasis on a secure software development lifecycle."
- Jul 24 - Fuzzing comes of age
- "In fact, fuzzing tools appear to be the source of the deluge of Office flaws. Once considered a crutch for the lowest form of code hacker - the much-denigrated "script kiddie" - data-fuzzing tools have gained stature to now be considered an efficient way to find vulnerabilities, especially obscure ones."
