This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "Template:Application Security News"

From OWASP
Jump to: navigation, search
Line 1: Line 1:
; '''Sep 1 - [http://www.darkreading.com/document.asp?doc_id=109150
+
; '''Sep 1 - [http://www.darkreading.com/document.asp?doc_id=109150 Don't blame the browser]'''
Don't blame the browser]'''
 
 
: Client side applications are all intertwined, and a flaw in one may compromise the rest. But don't forget the web applications!
 
: Client side applications are all intertwined, and a flaw in one may compromise the rest. But don't forget the web applications!
  

Revision as of 17:01, 5 November 2006

Sep 1 - Don't blame the browser
Client side applications are all intertwined, and a flaw in one may compromise the rest. But don't forget the web applications!
Oct 25 - Michael Howard's advice from OWASP AppSec Conference
Michael argued convincingly for a comprehensive application security education program first, then use of tools, threat modeling, and code review. His presentation and all the rest are on the conference page
Oct 24 - Hackers get organized
"Hackers have been breaking into customer accounts at large online brokerages in the United States and making unauthorized trades worth millions of dollars as part of a fast-growing new form of online fraud under investigation by federal authorities. E-Trade Financial Corp. said last week that "concerted rings" in Eastern Europe and Thailand caused their customers $18 million in losses in the third quarter alone. Another company, TD Ameritrade, the third-largest online broker, also has suffered losses from customer account fraud, but a spokeswoman declined to quantify the amount yesterday. "It is an industry problem. It does continue to grow."
Oct 19 - MSDN Magazine AppSec Issue
Great articles from Michael Howard and crew on Threat Modeling, SSO, Extending SDL, and an interesting article on SQL truncation attacks
Older news...