This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "Template:Application Security News"

From OWASP
Jump to: navigation, search
m
 
(44 intermediate revisions by 5 users not shown)
Line 1: Line 1:
; '''Oct 25 - [http://www.computerweekly.com/Articles/2006/10/23/219377/Microsoft+takes+Vista+security+to+a+new+level+using.htm Michael Howard's advice from OWASP AppSec Conference]'''
+
<IfLanguage Is="en">
: Michael argued convincingly for a comprehensive application security education program first, then use of tools, threat modeling, and code review. His presentation and all the rest are on the [[OWASP_AppSec_Seattle_2006/Agenda|conference page]]
+
This news feed is moderated by OWASP and will feature high-quality posts focused on application security that advance the field, provide useful insight, or are useful educational resources.
 +
</IfLanguage>
 +
<IfLanguage Is="es">
 +
Estas noticias son moderadas por OWASP y mostrarán publicaciónes de alta calidad enfocadas en seguridad de aplicaciones de avanzada, proveen razonamiento profundo o son recursos educativos útiles.
 +
</IfLanguage>
  
; '''Oct 24 - [http://www.washingtonpost.com/wp-dyn/content/article/2006/10/23/AR2006102301257.html Hackers get organized]'''
+
<owaspfeed/>
: "Hackers have been breaking into customer accounts at large online brokerages in the United States and making unauthorized trades worth millions of dollars as part of a fast-growing new form of online fraud under investigation by federal authorities. E-Trade Financial Corp. said last week that "concerted rings" in Eastern Europe and Thailand caused their customers $18 million in losses in the third quarter alone. Another company, TD Ameritrade, the third-largest online broker, also has suffered losses from customer account fraud, but a spokeswoman declined to quantify the amount yesterday. "It is an industry problem. It does continue to grow."
 
 
 
; '''Oct 19 - [http://msdn.microsoft.com/msdnmag/issues/06/11/default.aspx MSDN Magazine AppSec Issue]'''
 
: Great articles from Michael Howard and crew on Threat Modeling, SSO, Extending SDL, and an interesting article on SQL truncation attacks
 
 
 
; '''Oct 19 - [http://news.com.com/Netflix+fixes+Web+2.0+bugs/2100-1002_3-6126438.html?tag=cd.lede Netflix hit with CSRF - who's next?]'''
 
: All you did was load a web page - how did that add movies to my Netflix account? [[Cross-Site Request Forgery]] attacks are usually as simple as image links to another site. If you're logged in, the attack succeeds. Netflix got burned, but many sites are susceptible to this attack.
 
 
 
; '''Oct 17 - [http://www.businessweek.com/technology/content/sep2006/tc20060926_175459.htm?chan=top+news_top+news+index Bill Joy gets religion]'''
 
: Welcome Bill! "Rather than simply building big walls around their networks, developers must become proactive about security and include it from the beginning of an application's development. They must consider the possible threats to the system and review source code-the software's blueprint-for security flaws, thereby vastly improving overall security."
 
 
 
; '''Oct 17 - [http://www.securityfocus.com/columnists/334 Marcus Ranum disses IPv6]'''
 
: "IPv6 is just another network protocol, and if you look at where the problems are occurring in computer security, they're largely up in application space. From a security standpoint IPv6 adds very little that could offer an improvement: in return for the addition of some encryption and machine-to-machine authentication, we get a great deal of additional complexity. The additional complexity of the IPv6 stack will certainly prove to be the home of all kinds of fascinating new bugs and denial-of-service attacks."
 
 
 
; '''Oct 15 - [http://link RSnake says IE7 sucks less for XSS]'''
 
: Everybody revamp your blacklists (wish you'd done a whitelist now?) - "IE7.0 appears to be quite an improvement in overall security though. I’m glad the JavaScript directive has been relegated to IFRAMEs and HREFs rather than being possible anywhere a location was - thereby definitely reducing the attack surface for the newest browser from Microsoft"
 
 
 
; [[Application Security News|Older news...]]
 

Latest revision as of 15:30, 6 May 2012

This news feed is moderated by OWASP and will feature high-quality posts focused on application security that advance the field, provide useful insight, or are useful educational resources.


<owaspfeed/>