This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "Template:Application Security News"

From OWASP
Jump to: navigation, search
Line 1: Line 1:
 
<!-- please add stories to the main Application Security News page -->
 
<!-- please add stories to the main Application Security News page -->
 +
 +
; '''Jan 18 - [http://jeremiahgrossman.blogspot.com/2007/01/web-application-security-professionals.html  Web Application Security Professionals Survey (Jan. 2007)]'''
 +
: Jeremiah Grossman just released his survey with lots of very interesting data. Make sure you check out section '11) Top 3 web application security resources' which is a nice database of the most popular vulnerability assessment tools and knowledge resources (#1 was RSnake's Blog, and #2 was OWASP :) )
 +
 +
; '''Jan 18 - [http://www.scmagazine.com/asia/news/article/626120/hackers-attack-moneygram-international-server-breach-personal-info-80000-customers/ Hackers attack MoneyGram International server, breach personal info of 80,000 customers]'''
 +
: A MoneyGram International server has been breached, allowing cybercrooks access to the personal information of nearly 80,000 people. Hackers accessed the server through the web sometime last month, the money-transfer company said in a statement released on Friday.
  
 
; '''Jan 10 - [http://www2.csoonline.com/exclusives/column.html?CID=28072 Vulnerability Disclosure: The Good, the Bad and the Ugly]'''
 
; '''Jan 10 - [http://www2.csoonline.com/exclusives/column.html?CID=28072 Vulnerability Disclosure: The Good, the Bad and the Ugly]'''

Revision as of 18:44, 18 January 2007


Jan 18 - Web Application Security Professionals Survey (Jan. 2007)
Jeremiah Grossman just released his survey with lots of very interesting data. Make sure you check out section '11) Top 3 web application security resources' which is a nice database of the most popular vulnerability assessment tools and knowledge resources (#1 was RSnake's Blog, and #2 was OWASP :) )
Jan 18 - Hackers attack MoneyGram International server, breach personal info of 80,000 customers
A MoneyGram International server has been breached, allowing cybercrooks access to the personal information of nearly 80,000 people. Hackers accessed the server through the web sometime last month, the money-transfer company said in a statement released on Friday.
Jan 10 - Vulnerability Disclosure: The Good, the Bad and the Ugly
More than a decade into the practice of vulnerability disclosure, where do we stand? Are we more secure? Or less?, three good articles: Microsoft: Responsible Vulnerability Disclosure Protects Users , Schneier: Full Disclosure of Security Vulnerabilities a ’Damned Good Idea’, The Vulnerability Disclosure Game: Are We More Secure? and The Chilling Effect
Jan 3 - XSS in ALL sites with PDF download
Critical XSS flaw that is trivial to exploit here in all but the very latest browsers. Attackers simply have to add a script like #attack=javascript:alert(document.cookie); to ANY URL that ends in .pdf (or streams a PDF). Solution is to not use PDF's or for Adobe to patch the planet.
Dec 16 - What IS security critical code?
"It's likely that in most incidents of people being killed as a result of software bugs (or IT systems bugs), the software wasn't thought to be safety-critical at all. For example, a word-processor failing to recognize that a print request has failed, resulting in a patient not getting a letter giving a hospital appointment. Or someone committing suicide because of an incorrect bank statement." Michael Kay on the xml-dev list, 8/17/2005
Older news...