Difference between revisions of "Template:Application Security News"
| Line 1: | Line 1: | ||
| + | ; '''Aug 22 - [http://www.wired.com/news/politics/privacy/1,71622-0.html The privacy debacle hall of shame]''' | ||
| + | : "[The AOL screwup] may have been one of the dumbest privacy debacles of all time, but it certainly wasn't the first. Here are ten other privacy snafus that made the world an unsafer place." | ||
| + | |||
| + | ; '''Aug 22 - [http://www.infoworld.com/article/06/08/16/HNyahoosecurityplug_1.html Yahoo touches application security's third rail - encoding]''' | ||
| + | : "The problem was Yahoo Mail's handling of attachments. By creating an HTML attachment with different encoding schemes, one could have bypassed Yahoo Mail's security filter and executed malicious JavaScript code" | ||
| + | |||
; '''Aug 22 - [http://www.corsaire.com/white-papers/060816-assessing-java-clients-with-the-beanshell.pdf Nifty approach to rich Java client testing]''' | ; '''Aug 22 - [http://www.corsaire.com/white-papers/060816-assessing-java-clients-with-the-beanshell.pdf Nifty approach to rich Java client testing]''' | ||
: "The BeanShell provides a convenient means of inspecting and manipulating a Java application during execution. This allows the security tester to bypass security controls on the client and verify the security controls on the server. It also allows for the automation of tedious tests such as brute force testing." | : "The BeanShell provides a convenient means of inspecting and manipulating a Java application during execution. This allows the security tester to bypass security controls on the client and verify the security controls on the server. It also allows for the automation of tedious tests such as brute force testing." | ||
| Line 7: | Line 13: | ||
; '''Aug 14 - [http://www.cio-today.com/story.xhtml?story_id=45124 Ajax threat coming fast]''' | ; '''Aug 14 - [http://www.cio-today.com/story.xhtml?story_id=45124 Ajax threat coming fast]''' | ||
: "We've gone from kids screwing around to criminals looking for ways to make money in less than eight months...Imagine when the same flaws are used to steal money from financial institutions" | : "We've gone from kids screwing around to criminals looking for ways to make money in less than eight months...Imagine when the same flaws are used to steal money from financial institutions" | ||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
; [[Application Security News|Older news...]] | ; [[Application Security News|Older news...]] | ||
Revision as of 13:04, 22 August 2006
- Aug 22 - The privacy debacle hall of shame
- "[The AOL screwup] may have been one of the dumbest privacy debacles of all time, but it certainly wasn't the first. Here are ten other privacy snafus that made the world an unsafer place."
- Aug 22 - Yahoo touches application security's third rail - encoding
- "The problem was Yahoo Mail's handling of attachments. By creating an HTML attachment with different encoding schemes, one could have bypassed Yahoo Mail's security filter and executed malicious JavaScript code"
- Aug 22 - Nifty approach to rich Java client testing
- "The BeanShell provides a convenient means of inspecting and manipulating a Java application during execution. This allows the security tester to bypass security controls on the client and verify the security controls on the server. It also allows for the automation of tedious tests such as brute force testing."
- Aug 15 - Yes, you have an XSS problem
- The Washington Post lists flaws in sites from Verisign, eEye Digital Security, Cisco Systems, F-Secure, Snort.org, National Security Agency, etc. If you're not sure whether you have XSS problems or not, you probably do. You're compromising your customers' accounts and data. Should the Post be publishing live exploits? We don't think so.
- Aug 14 - Ajax threat coming fast
- "We've gone from kids screwing around to criminals looking for ways to make money in less than eight months...Imagine when the same flaws are used to steal money from financial institutions"