This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Template:Application Security News"
From OWASP
| Line 6: | Line 6: | ||
; '''Jul 11 - [http://www.yankeegroup.com/public/research/author_page.jsp?ID=E6175864177D44AD Yankee predicts AAP to replace WAF]''' | ; '''Jul 11 - [http://www.yankeegroup.com/public/research/author_page.jsp?ID=E6175864177D44AD Yankee predicts AAP to replace WAF]''' | ||
: In a report titled, "Application Assurance Platforms Arise from Web App Firewall Market’s Ashes," Yankee projects overall product revenue in the evolving AAP market to grow to $230 million by 2009. AAP's are predicted to combine the web application firewall, database security, XML security gateway and application traffic management segments. | : In a report titled, "Application Assurance Platforms Arise from Web App Firewall Market’s Ashes," Yankee projects overall product revenue in the evolving AAP market to grow to $230 million by 2009. AAP's are predicted to combine the web application firewall, database security, XML security gateway and application traffic management segments. | ||
| + | |||
| + | ; '''Jul 10 - [http://blog.washingtonpost.com/securityfix/2006/07/citibank_phish_spoofs_2factor_1.html Even two-factor authentication can be spoofed]''' | ||
| + | : "The site asks for your user name and password, as well as the token-generated key. If you visit the site and enter bogus information to test whether the site is legit -- a tactic used by some security-savvy people -- you might be fooled. That's because this site acts as the "man in the middle" -- it submits data provided by the user to the actual Citibusiness login site. If that data generates an error, so does the phishing site, thus making it look more real." | ||
; '''Jul 7 - [http://softwaredev.itbusinessnet.com/articles/viewarticle.jsp?id=47176 Who's changed their process?]''' | ; '''Jul 7 - [http://softwaredev.itbusinessnet.com/articles/viewarticle.jsp?id=47176 Who's changed their process?]''' | ||
| Line 12: | Line 15: | ||
; '''Jul 7 - [http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9001637&source=NLT_PM&nlid=8 PCI update will mandate application security]''' | ; '''Jul 7 - [http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9001637&source=NLT_PM&nlid=8 PCI update will mandate application security]''' | ||
: "Visa U.S.A. Inc. and MasterCard International Inc. will release new security rules in the next 30 to 60 days for all organizations that handle credit card data, a Visa official said this week. The rules will be the first major updates to the one-year-old Payment Card Industry (PCI) data security standard, which analysts said is slowly but surely being adopted. Extensions are aimed at protecting credit card data from emerging Web application security threats." | : "Visa U.S.A. Inc. and MasterCard International Inc. will release new security rules in the next 30 to 60 days for all organizations that handle credit card data, a Visa official said this week. The rules will be the first major updates to the one-year-old Payment Card Industry (PCI) data security standard, which analysts said is slowly but surely being adopted. Extensions are aimed at protecting credit card data from emerging Web application security threats." | ||
| − | |||
| − | |||
| − | |||
; [[Application Security News|Older news...]] | ; [[Application Security News|Older news...]] | ||
Revision as of 09:19, 11 July 2006
- Jul 11 - Yankee predicts AAP to replace WAF
- In a report titled, "Application Assurance Platforms Arise from Web App Firewall Market’s Ashes," Yankee projects overall product revenue in the evolving AAP market to grow to $230 million by 2009. AAP's are predicted to combine the web application firewall, database security, XML security gateway and application traffic management segments.
- Jul 10 - Even two-factor authentication can be spoofed
- "The site asks for your user name and password, as well as the token-generated key. If you visit the site and enter bogus information to test whether the site is legit -- a tactic used by some security-savvy people -- you might be fooled. That's because this site acts as the "man in the middle" -- it submits data provided by the user to the actual Citibusiness login site. If that data generates an error, so does the phishing site, thus making it look more real."
- Jul 7 - Who's changed their process?
- "All software has security defects," insists Michael Howard, senior security program manager at Microsoft. "You either do something about it, or you don't...What worries me is how little attention [software] vendors are paying to this. I know of nobody else who has changed their process."
- Jul 7 - PCI update will mandate application security
- "Visa U.S.A. Inc. and MasterCard International Inc. will release new security rules in the next 30 to 60 days for all organizations that handle credit card data, a Visa official said this week. The rules will be the first major updates to the one-year-old Payment Card Industry (PCI) data security standard, which analysts said is slowly but surely being adopted. Extensions are aimed at protecting credit card data from emerging Web application security threats."
