(25 intermediate revisions by 5 users not shown) |
Line 1: |
Line 1: |
− | <!-- please add stories to the main Application Security News page --> | + | <IfLanguage Is="en"> |
| + | This news feed is moderated by OWASP and will feature high-quality posts focused on application security that advance the field, provide useful insight, or are useful educational resources. |
| + | </IfLanguage> |
| + | <IfLanguage Is="es"> |
| + | Estas noticias son moderadas por OWASP y mostrarán publicaciónes de alta calidad enfocadas en seguridad de aplicaciones de avanzada, proveen razonamiento profundo o son recursos educativos útiles. |
| + | </IfLanguage> |
| | | |
− | ; '''Jan 10 - [http://www2.csoonline.com/exclusives/column.html?CID=28072 Ranum excoriates vulnerability pimps]'''
| + | <owaspfeed/> |
− | : "Computer security needs to grow the hell up, and needs to do it pretty quickly. It seems that virtually every aspect of life is becoming increasingly computerized and exposed to online attack. The problem is getting more significant the longer we wait to deal with it, but the early history of computer security has been a massive disappointment to all of us: huge amounts of money spent with relatively little improvement to show for it. One of the reasons is that a huge amount of that effort has been wasted, barking up the wrong tree. Unfortunately, if you look at the last 10 years of security, it’s a litany of "one step forward, one step back," thanks in part to the vulnerability pimps, parasites and snake-oil salesmen who flocked into the industry when they smelled money and a chance to get some attention. At this point, they’re so deeply entrenched and vested that they’re here to stay, unless the industry as a whole turns away from rewarding bad behavior. If you’re a customer or end user, you can see how well disclosure worked to improve your security over the last decade. Let me be frank: It’s up to you."
| |
− | | |
− | ; '''Jan 3 - [http://www.gnucitizen.org/blog/danger-danger-danger/ XSS in ALL sites with PDF download]'''
| |
− | : Critical XSS flaw that is trivial to exploit here in all but the very latest browsers. Attackers simply have to add a script like #attack=javascript:alert(document.cookie); to ANY URL that ends in .pdf (or streams a PDF). Solution is to not use PDF's or for Adobe to patch the planet.
| |
− | | |
− | ; '''Dec 16 - [http://www.cafeaulait.org What IS security critical code?]'''
| |
− | : "It's likely that in most incidents of people being killed as a result of software bugs (or IT systems bugs), the software wasn't thought to be safety-critical at all. For example, a word-processor failing to recognize that a print request has failed, resulting in a patient not getting a letter giving a hospital appointment. Or someone committing suicide because of an incorrect bank statement." Michael Kay on the xml-dev list, 8/17/2005
| |
− | | |
− | ; [[Application Security News|Older news...]]
| |
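Review bot: removing the hand-curated entries also drops the `; [[Application Security News|Older news...]]` link at the end of the old block, so readers of the new feed-only page lose their only path to the archived items; consider keeping that line after `<owaspfeed/>`. Two smaller points in the added lines: the `<IfLanguage>` branches cover only `en` and `es`, so the intro paragraph disappears entirely for any other site language (an unconditional fallback, or treating `en` as the default, would avoid an empty heading above the feed); and the Spanish text has a stray accent in "publicaciónes" (should be "publicaciones") and renders "that advance the field" as "de avanzada", which changes the meaning; something like "que hagan avanzar el campo" would match the English.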
Latest revision as of 15:30, 6 May 2012
This news feed is moderated by OWASP and will feature high-quality posts focused on application security that advance the field, provide useful insight, or are useful educational resources.
<owaspfeed/>