|
|
| (56 intermediate revisions by 5 users not shown) |
| Line 1: |
Line 1: |
| − | ; '''Sep 17 - [http://www.attrition.org/pipermail/vim/attachments/20060914/42b97c1d/attachment-0001.obj The data are in]'''
| + | <IfLanguage Is="en"> |
| − | : Well of course 21.5% of reported vulnerabilities are XSS. They're very easy to find and every web app has them. (Prove yours doesn't - seriously). Note: If you check this data and [http://news.zdnet.co.uk/internet/security/0,39020375,39283373,00.htm conclude] that browsers are the biggest problem, you need to check it again.
| + | This news feed is moderated by OWASP and will feature high-quality posts focused on application security that advance the field, provide useful insight, or are useful educational resources. |
| | + | </IfLanguage> |
| | + | <IfLanguage Is="es"> |
| | + | Estas noticias son moderadas por OWASP y mostrarán publicaciónes de alta calidad enfocadas en seguridad de aplicaciones de avanzada, proveen razonamiento profundo o son recursos educativos útiles. |
| | + | </IfLanguage> |
| | | | |
| − | ; '''Sep 14 - [http://www.computerworld.com/action/article.do?command=printArticleBasic&articleId=9003204 Gartner says 'customize at your own risk']'''
| + | <owaspfeed/> |
| − | : "Customization has created custom vulnerabilities. Custom code does not undergo the same QA testing as commercial code does. All major applications [need] custom code and this is one of the biggest issues facing application security. But what is even worse about this is any vulnerability you have in your system is yours and no one else will find it but you."
| |
| − | | |
| − | ; '''Sep 11 - [http://www.eweek.com/article2/0,1895,2014207,00.asp Developers are the real monoculture]'''
| |
| − | : Monoculture is a danger to security, but this article points out that the most dangerous monoculture is "not of software but of pervasive carelessness among application developers, system administrators and users—carelessness that persists today."
| |
| − | | |
| − | ; '''Aug 31 - [http://www.inweekly.net/article.asp?artID=3471 Red, white, and screwed]'''
| |
| − | : "We've consulted with all the top computer scientists around the United States on the software security issues and they've all told us one thing: 'It isn't currently possible to create technology that is 100-percent secure and trying to do that would be so cost prohibitive"
| |
| − | | |
| − | ; '''Aug 30 - [http://www.informationweek.com/hardware/showArticle.jhtml?articleID=192500179&subSection=Servers Web apps less secure...wait no, more secure]'''
| |
| − | : "Web applications tend to be written less tightly than other applications," says Alan Paller, director at the SANS Institute...But because the desktop model really isn't any better, and is in some ways worse, "Security will drive people to centralized applications." (There's a peek into Google's security process in this article - verdict: Distributed!)
| |
| − | | |
| − | ; [[Application Security News|Older news...]]
| |
This news feed is moderated by OWASP and will feature high-quality posts focused on application security that advance the field, provide useful insight, or are useful educational resources.
