This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Template:Application Security News
From OWASP
Revision as of 02:56, 29 May 2006 by Jeff Williams (talk | contribs)
- Mar 29 - Oracle's Davidson blowing steam
- "The pressure to deal with the problem of unreliable and insecure software is building, and the industry has reached a "tipping point...it is now "chief executives who are complaining that what they are getting from their vendor is not acceptable in terms of software assurance." She also argues that Brits make good hackers because they have criminal behavior.
- May 25- Custom escaping considered harmful
- "Applications using 'ad-hoc methods to "escape" strings going into the database, such as regexes, or PHP3's addslashes() and magic_quotes' are particularly unsafe. Since these bypass database-specific code for safe handling of strings, many such applications will need to be re-written to become secure."
- May 22 - Oracle teaches developers security
- "We track the security training completion status of each developer and provide regular reports on training compliance to development management and to senior corporate management to ensure a level of security training is maintained in each organization."
