This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Template:Application Security News"
From OWASP
| Line 1: | Line 1: | ||
| + | |||
| + | ; '''Aug 29 - [http://www.fcw.com/article95783-08-24-06-Web Personal data exposed on student loan Web site]''' | ||
| + | : The U.S. Department of Education has disabled its Direct Loan Servicing System, the online payment feature of its Federal Student Aid site, because of a software glitch that exposed the personal data of 21,000 students who borrowed money from the department, said Education Department spokeswoman Jane Glickman. | ||
| + | |||
; '''Aug 28 - [http://www.sdtimes.com/article/special-20060815-01.html Secure coding initiatives - Verdict: Don't start with tools]''' | ; '''Aug 28 - [http://www.sdtimes.com/article/special-20060815-01.html Secure coding initiatives - Verdict: Don't start with tools]''' | ||
: Tools give a warped perspective on software security. They overemphasize stuff they're good at finding, and completely miss critical flaws. Get your people and process aligned on secure coding, and then it will be easy to see which tools really help you. | : Tools give a warped perspective on software security. They overemphasize stuff they're good at finding, and completely miss critical flaws. Get your people and process aligned on secure coding, and then it will be easy to see which tools really help you. | ||
| Line 7: | Line 11: | ||
; '''Aug 22 - [http://www.infoworld.com/article/06/08/16/HNyahoosecurityplug_1.html Yahoo touches application security's third rail - encoding]''' | ; '''Aug 22 - [http://www.infoworld.com/article/06/08/16/HNyahoosecurityplug_1.html Yahoo touches application security's third rail - encoding]''' | ||
: "The problem was Yahoo Mail's handling of attachments. By creating an HTML attachment with different encoding schemes, one could have bypassed Yahoo Mail's security filter and executed malicious JavaScript code" | : "The problem was Yahoo Mail's handling of attachments. By creating an HTML attachment with different encoding schemes, one could have bypassed Yahoo Mail's security filter and executed malicious JavaScript code" | ||
| − | |||
| − | |||
| − | |||
; [[Application Security News|Older news...]] | ; [[Application Security News|Older news...]] | ||
Revision as of 20:40, 29 August 2006
- Aug 29 - Personal data exposed on student loan Web site
- The U.S. Department of Education has disabled its Direct Loan Servicing System, the online payment feature of its Federal Student Aid site, because of a software glitch that exposed the personal data of 21,000 students who borrowed money from the department, said Education Department spokeswoman Jane Glickman.
- Aug 28 - Secure coding initiatives - Verdict: Don't start with tools
- Tools give a warped perspective on software security. They overemphasize stuff they're good at finding, and completely miss critical flaws. Get your people and process aligned on secure coding, and then it will be easy to see which tools really help you.
- Aug 22 - The privacy debacle hall of shame
- "[The AOL screwup] may have been one of the dumbest privacy debacles of all time, but it certainly wasn't the first. Here are ten other privacy snafus that made the world an unsafer place."
- Aug 22 - Yahoo touches application security's third rail - encoding
- "The problem was Yahoo Mail's handling of attachments. By creating an HTML attachment with different encoding schemes, one could have bypassed Yahoo Mail's security filter and executed malicious JavaScript code"
