This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Template:Application Security News
From OWASP
- Jul 18 - Fortify study shows raging storm
- "On average, 50%-70% of attacks experienced by web applications come from bots and bot networks searching for known vulnerabilities...The effect is much like a storm raging over a landscape – the probes are sprayed throughout the Internet and ceaselessly (and somewhat randomly) hit web applications."
- Jul 18 - Think liability for vendors will work? Try unreliable programming
- Imagine there was liability for software vendors. They would introduce "an interesting new paradigm of programming. Methods of this school of programming could include: Do something random, procrastination, decoy, blame someone else, and Inject errors in other running programs."
- Jul 17 - Give offensive coding a try
- "Spurious null checks are a symptom of bad code. That’s not to say that null checks are wrong. If a vendor gives you a library that can return null, you’re obliged to check for null. And, if people are passing null all over the place in your code, it makes sense to keep putting some null checks in, but, you know what? That just means that you’re dealing with bad code"
- Jul 12 - Beware integer overflow in Java
- Joshua Bloch (of Java Puzzlers fame) discovered this overflow that affects Arrays.binarySearch() and any other divide-and-conquer algorithms (probably other languages as well). "The general lesson that I take away from this bug is humility: It is hard to write even the smallest piece of code correctly, and our whole world runs on big, complex pieces of code."
