This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Template:Application Security News
From OWASP
Revision as of 23:38, 1 June 2006 by Jeff Williams (talk | contribs)
- Jun 1 - Coders too cool for school?
- "Keep the flaws out from the beginning and you have bought yourself several pounds of prevention. Baking security in up front is logical and makes good technical and business sense; however, getting your developers on board with security training is not necessarily going to be an easy task."
- Mar 29 - Oracle's Davidson blowing steam
- "The pressure to deal with the problem of unreliable and insecure software is building, and the industry has reached a tipping point...it is now chief executives who are complaining that what they are getting from their vendor is not acceptable in terms of software assurance." She also argues that Brits make good hackers because they have criminal behavior.
- May 25- Custom escaping considered harmful
- "Applications using 'ad-hoc methods to "escape" strings going into the database, such as regexes, or PHP3's addslashes() and magic_quotes' are particularly unsafe. Since these bypass database-specific code for safe handling of strings, many such applications will need to be re-written to become secure."
