| (87 intermediate revisions by 5 users not shown) |
| Line 1: |
Line 1: |
| − | <!-- | + | <IfLanguage Is="en"> |
| − | ; '''Mon ## - [http://link Snarky headline]'''
| + | This news feed is moderated by OWASP and will feature high-quality posts focused on application security that advance the field, provide useful insight, or are useful educational resources. |
| − | : Comment or "Quote"
| + | </IfLanguage> |
| − | -->
| + | <IfLanguage Is="es"> |
| | + | Estas noticias son moderadas por OWASP y mostrarán publicaciónes de alta calidad enfocadas en seguridad de aplicaciones de avanzada, proveen razonamiento profundo o son recursos educativos útiles. |
| | + | </IfLanguage> |
| | | | |
| − | ; '''Jul 12 - [http://googleresearch.blogspot.com/2006/06/extra-extra-read-all-about-it-nearly.html Beware integer overflow in Java]'''
| + | <owaspfeed/> |
| − | : Joshua Bloch (of Java Puzzlers fame) discovered this [[Integer overflow|overflow]] that affects Arrays.binarySearch() and any other divide-and-conquer algorithms (probably other languages as well). "The general lesson that I take away from this bug is humility: It is hard to write even the smallest piece of code correctly, and our whole world runs on big, complex pieces of code."
| |
| − | | |
| − | ; '''Jul 12 - [http://opensource.sys-con.com/read/244332_p.htm Source code secrecy not a countermeasure]'''
| |
| − | : Yet another pointless article discussing whether open-source or closed-source is more secure. The truth is that your application should be secure even if an attacker has the source. If you're using a source code control system (and you absolutely should), there are copies of your code all over the place. So get over it - secrecy isn't a countermeasure.
| |
| − | | |
| − | ; '''Jul 11 - [http://www.yankeegroup.com/public/research/author_page.jsp?ID=E6175864177D44AD Yankee predicts AAP to replace WAF]'''
| |
| − | : In a report titled, "Application Assurance Platforms Arise from Web App Firewall Market’s Ashes," Yankee projects overall product revenue in the evolving AAP market to grow to $230 million by 2009. AAP's are predicted to combine the web application firewall, database security, XML security gateway and application traffic management segments.
| |
| − | | |
| − | ; '''Jul 10 - [http://blog.washingtonpost.com/securityfix/2006/07/citibank_phish_spoofs_2factor_1.html Even two-factor authentication can be spoofed]'''
| |
| − | : "The site asks for your user name and password, as well as the token-generated key. If you visit the site and enter bogus information to test whether the site is legit -- a tactic used by some security-savvy people -- you might be fooled. That's because this site acts as the "man in the middle" -- it submits data provided by the user to the actual Citibusiness login site. If that data generates an error, so does the phishing site, thus making it look more real."
| |
| − | | |
| − | ; [[Application Security News|Older news...]]
| |
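Review bot: The added Spanish text inside `<IfLanguage Is="es">` misspells "publicaciones" as "publicaciónes" (the plural carries no accent). Its clauses also do not parallel the English version: "enfocadas en seguridad de aplicaciones de avanzada, proveen razonamiento profundo o son recursos educativos útiles" reads as a run-on, where the English lists three criteria ("advance the field, provide useful insight, or are useful educational resources"). Suggest rewording it so the three criteria read as one list. Separately, dropping `; [[Application Security News|Older news...]]` leaves the page with no pointer to the archived items that this revision removes. Consider keeping that link below `<owaspfeed/>`.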
Latest revision as of 15:30, 6 May 2012
This news feed is moderated by OWASP and will feature high-quality posts focused on application security that advance the field, provide useful insight, or are useful educational resources.
<owaspfeed/>