This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Template:Application Security News"
From OWASP
| Line 3: | Line 3: | ||
: Comment or "Quote" | : Comment or "Quote" | ||
--> | --> | ||
| + | |||
| + | ; '''Aug 14 - [http://www.cio-today.com/story.xhtml?story_id=45124 Ajax threat coming fast]''' | ||
| + | : "We've gone from kids screwing around to criminals looking for ways to make money in less than eight months...Imagine when the same flaws are used to steal money from financial institutions" | ||
; '''Aug 11 - [http://da.vidnicholson.com/2006/08/analysis-of-hsbc-vulnerability.html HSBC 'vulnerability' all smoke no fire]''' | ; '''Aug 11 - [http://da.vidnicholson.com/2006/08/analysis-of-hsbc-vulnerability.html HSBC 'vulnerability' all smoke no fire]''' | ||
Revision as of 12:53, 14 August 2006
- Aug 14 - Ajax threat coming fast
- "We've gone from kids screwing around to criminals looking for ways to make money in less than eight months...Imagine when the same flaws are used to steal money from financial institutions"
- Aug 11 - HSBC 'vulnerability' all smoke no fire
- "I was put at ease the moment I saw that each article was hinting at the researchers having made an assumption that every target has been infected with a keylogger. A bit of an unreasonable assumption if you ask me, and I think at this point it stops being "news" however the vulnerability is quite interesting..."
- Aug 9 - ModSecurity rocks WAF competition
- "In the Forrester report ModSecurity was recognized as "the most widely deployed web application firewall," with thousands of installations worldwide."
- Aug 2 - Michael Howard's code review process
- Michael recommends prioritizing, but strangely doesn't use threat modeling as a way to do it. Still, a great article because... "No one really likes reviewing source code for security vulnerabilities; it’s slow, tedious, and mind-numbingly boring. Yet, code review is a critical component of shipping secure software to customers. Neglecting it isn’t an option."
- Jul 31 - PCI revisions - code review is coming
- "...PCI's creators may address some prioritization issues in an updated version of the standard, which could be completed by the end of the summer or this fall. The upgraded standard also is expected to contain new provisions for conducting software code reviews, identifying all outside parties involved in payment transactions and ensuring merchant data in hosted environments is adequately partitioned.
