This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Template:Application Security News

From OWASP
Revision as of 17:01, 5 November 2006 by OWASP (talk | contribs)

Jump to: navigation, search
Sep 1 - Don't blame the browser
Client side applications are all intertwined, and a flaw in one may compromise the rest. But don't forget the web applications!
Oct 25 - Michael Howard's advice from OWASP AppSec Conference
Michael argued convincingly for a comprehensive application security education program first, then use of tools, threat modeling, and code review. His presentation and all the rest are on the conference page
Oct 24 - Hackers get organized
"Hackers have been breaking into customer accounts at large online brokerages in the United States and making unauthorized trades worth millions of dollars as part of a fast-growing new form of online fraud under investigation by federal authorities. E-Trade Financial Corp. said last week that "concerted rings" in Eastern Europe and Thailand caused their customers $18 million in losses in the third quarter alone. Another company, TD Ameritrade, the third-largest online broker, also has suffered losses from customer account fraud, but a spokeswoman declined to quantify the amount yesterday. "It is an industry problem. It does continue to grow."
Oct 19 - MSDN Magazine AppSec Issue
Great articles from Michael Howard and crew on Threat Modeling, SSO, Extending SDL, and an interesting article on SQL truncation attacks
Older news...