This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Template:Application Security News
From OWASP
- Sep 1 - Don't blame the browser
- Client side applications are all intertwined, and a flaw in one may compromise the rest. But don't forget the web applications!
- Oct 25 - Michael Howard's advice from OWASP AppSec Conference
- Michael argued convincingly for a comprehensive application security education program first, then use of tools, threat modeling, and code review. His presentation and all the rest are on the conference page
- Oct 24 - Hackers get organized
- "Hackers have been breaking into customer accounts at large online brokerages in the United States and making unauthorized trades worth millions of dollars as part of a fast-growing new form of online fraud under investigation by federal authorities. E-Trade Financial Corp. said last week that "concerted rings" in Eastern Europe and Thailand caused their customers $18 million in losses in the third quarter alone. Another company, TD Ameritrade, the third-largest online broker, also has suffered losses from customer account fraud, but a spokeswoman declined to quantify the amount yesterday. "It is an industry problem. It does continue to grow."
- Oct 19 - MSDN Magazine AppSec Issue
- Great articles from Michael Howard and crew on Threat Modeling, SSO, Extending SDL, and an interesting article on SQL truncation attacks