This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Template:Application Security News"
From OWASP
| Line 3: | Line 3: | ||
: Comment or "Quote" | : Comment or "Quote" | ||
--> | --> | ||
| + | |||
| + | ; '''Aug 11 - [http://da.vidnicholson.com/2006/08/analysis-of-hsbc-vulnerability.html HSBC 'vulnerability' all smoke no fire]''' | ||
| + | : "I was put at ease the moment I saw that each article was hinting at the researchers having made an assumption that every target has been infected with a keylogger. A bit of an unreasonable assumption if you ask me, and I think at this point it stops being "news" however the vulnerability is quite interesting..." | ||
; '''Aug 9 - [http://www.marketwatch.com/news/story/story.aspx?guid=5CF5C1EBCEF64CD18618349227E23AC6&siteid=mktw&dist=nbk ModSecurity rocks WAF competition]''' | ; '''Aug 9 - [http://www.marketwatch.com/news/story/story.aspx?guid=5CF5C1EBCEF64CD18618349227E23AC6&siteid=mktw&dist=nbk ModSecurity rocks WAF competition]''' | ||
| Line 12: | Line 15: | ||
; '''Jul 31 - [http://www.newsfactor.com/story.xhtml?story_id=121003Y635KX&page=3 PCI revisions - code review is coming]''' | ; '''Jul 31 - [http://www.newsfactor.com/story.xhtml?story_id=121003Y635KX&page=3 PCI revisions - code review is coming]''' | ||
: "...PCI's creators may address some prioritization issues in an updated version of the standard, which could be completed by the end of the summer or this fall. The upgraded standard also is expected to contain new provisions for conducting '''[[:Category:OWASP Code Review Project|software code reviews]]''', identifying all outside parties involved in payment transactions and ensuring merchant data in hosted environments is adequately partitioned. | : "...PCI's creators may address some prioritization issues in an updated version of the standard, which could be completed by the end of the summer or this fall. The upgraded standard also is expected to contain new provisions for conducting '''[[:Category:OWASP Code Review Project|software code reviews]]''', identifying all outside parties involved in payment transactions and ensuring merchant data in hosted environments is adequately partitioned. | ||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
; [[Application Security News|Older news...]] | ; [[Application Security News|Older news...]] | ||
Revision as of 17:39, 11 August 2006
- Aug 11 - HSBC 'vulnerability' all smoke no fire
- "I was put at ease the moment I saw that each article was hinting at the researchers having made an assumption that every target has been infected with a keylogger. A bit of an unreasonable assumption if you ask me, and I think at this point it stops being "news" however the vulnerability is quite interesting..."
- Aug 9 - ModSecurity rocks WAF competition
- "In the Forrester report ModSecurity was recognized as "the most widely deployed web application firewall," with thousands of installations worldwide."
- Aug 2 - Michael Howard's code review process
- Michael recommends prioritizing, but strangely doesn't use threat modeling as a way to do it. Still, a great article because... "No one really likes reviewing source code for security vulnerabilities; it’s slow, tedious, and mind-numbingly boring. Yet, code review is a critical component of shipping secure software to customers. Neglecting it isn’t an option."
- Jul 31 - PCI revisions - code review is coming
- "...PCI's creators may address some prioritization issues in an updated version of the standard, which could be completed by the end of the summer or this fall. The upgraded standard also is expected to contain new provisions for conducting software code reviews, identifying all outside parties involved in payment transactions and ensuring merchant data in hosted environments is adequately partitioned.
