
Difference between revisions of "Template:Application Security News"

From OWASP
m
 
(102 intermediate revisions by 5 users not shown)
Line 1: Line 1:
<!--
+
<IfLanguage Is="en">
; '''Mon ## - [http://link Snarky headline]'''
+
This news feed is moderated by OWASP and will feature high-quality posts focused on application security that advance the field, provide useful insight, or are useful educational resources.
: Comment or "Quote"
+
</IfLanguage>
-->
+
<IfLanguage Is="es">
 +
Estas noticias son moderadas por OWASP y mostrarán publicaciónes de alta calidad enfocadas en seguridad de aplicaciones de avanzada, proveen razonamiento profundo o son recursos educativos útiles.
 +
</IfLanguage>
  
; '''Jun 24 - [http://soasecurityarchitect.com/2006/06/24/discussion-with-jeff-wiliams-ceo-of-aspect-security--about-owasp.aspx SOA Security Architect Interviews OWASP Chair Jeff Williams]'''
+
<owaspfeed/>
: SOA Security Architect interviews Jeff Williams on OWASP and SOA security. Jeff answers questions about SOA security, talks about the limitations of SOA appliances, and the future of WS Security and web services. "They think that they are getting 80% protection, but they really aren’t. I think the false sense of security is the most dangerous risk of using these appliances. The same sort of thing applies to using application scanning technologies."
 
 
 
; '''Jun 23 - [http://digg.com/links/Working_and_active_exploit_on_citibank.com Citibank wrestles with XSS]'''
 
: On the same day that Neosmart makes the ridiculous claim that [http://neosmart.net/blog/archives/194 XSS is not a vulnerability], a hacker has highlighted an [[XSS]] flaw in citibank.com and claims dozens more major sites have similar problems. It's not rocket science, but of course it's a [[:Category:Vulnerability|vulnerability]].
 
 
 
; '''Jun 19 - [http://security.tekrati.com/research/news.asp?id=7293 Analyst research discovers that hackers go for low hanging fruit]'''
 
: The trend continues - less overall security breaches, and more web related attacks (12%). "Internet-enabled software applications, especially custom applications, present the most common security risk encountered today," said John Andrews, President, Evans Data. "Overall we're witnessing better software security practices early in the software lifecycle, which is positively affecting overall security breaches."
 
 
 
; '''Jun 16 - [http://news.netcraft.com/archives/2006/06/16/paypal_security_flaw_allows_identity_theft.html For goodness sakes, don't click on links in email]'''
 
: A pretty complete writeup about the exploit of an [[XSS]] flaw in PayPal - "The scam works quite convincingly, by tricking users into accessing a URL hosted on the genuine PayPal web site. The URL uses SSL to encrypt information transmitted to and from the site, and a valid 256-bit SSL certificate is presented to confirm that the site does indeed belong to PayPal; however, some of the content on the page has been modified by the fraudsters via a cross-site scripting technique ([[XSS]]). When the victim visits the page, they are presented with a message that has been 'injected' onto the genuine PayPal site that says, "Your account is currently disabled because we think it has been accessed by a third party. You will now be redirected to Resolution Center." After a short pause, the victim is then redirected to an external server, which presents a fake PayPal Member log-In page."
 
 
 
; [[Application Security News|Older news...]]
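Review bot: In the added `<IfLanguage Is="es">` block, "publicaciónes" is misspelled; the plural takes no accent ("publicaciones"). The Spanish sentence also does not track the English one in the `<IfLanguage Is="en">` block: "that advance the field" has become "de avanzada" attached to "seguridad de aplicaciones", and the three criteria are no longer parallel. Suggest rewording it so that each clause hangs off "publicaciones", matching the English text. Separately, the hand-curated entries are replaced by `<owaspfeed/>`, but the "Older news..." link to [[Application Security News]] appears only on the old side, so confirm the archive page is still reachable from somewhere once this template renders only the feed.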
 

Latest revision as of 15:30, 6 May 2012

This news feed is moderated by OWASP and will feature high-quality posts focused on application security that advance the field, provide useful insight, or are useful educational resources.


<owaspfeed/>