|
|
| (37 intermediate revisions by 5 users not shown) |
| Line 1: |
Line 1: |
| − | ; '''Nov 21 - [http://www.csoonline.com/read/110106/fea_strong_auth_pf.html Why two-factor sucks]'''
| + | <IfLanguage Is="en"> |
| − | : "More than 90 percent of the participants in several focus groups said they didn't want to use a token to access accounts online or by phone. "The response we got was, 'Don't tell me I have to carry something to get access to my money. It's your job to protect my money, and if you don't do your job I'll find someone who will,'" says Cullinane, who is CISO of Washington Mutual, the nation's largest savings bank. "It was rather startling to get that from them."
| + | This news feed is moderated by OWASP and will feature high-quality posts focused on application security that advance the field, provide useful insight, or are useful educational resources. |
| | + | </IfLanguage> |
| | + | <IfLanguage Is="es"> |
| | + | Estas noticias son moderadas por OWASP y mostrarán publicaciónes de alta calidad enfocadas en seguridad de aplicaciones de avanzada, proveen razonamiento profundo o son recursos educativos útiles. |
| | + | </IfLanguage> |
| | | | |
| − | ; '''Nov 13 - [http://searchappsecurity.techtarget.com/originalContent/0,289142,sid92_gci1229301,00.html Growing interest in securing SDLC]'''
| + | <owaspfeed/> |
| − | : "It's becoming an emerging area of interest for enterprises to address application portfolios and review their applications for security. The other angle is, when developing code, making sure that security is taken into consideration throughout the SDLC, instead of just testing during QA prior to GA or prior to releasing to production."
| |
| − | | |
| − | ; '''Nov 9 - [http://www.enterprisestrategygroup.com/ESGPublications/ReportListings.asp?ReportType=briefs SDL 2008 or bust!]'''
| |
| − | : "ESG believes that other ISVs should embrace an SDL model as soon as possible and that enterprise organizations should mandate that technology vendors establish a measurable and transparent SDL process by 2008 or risk losing business."
| |
| − | | |
| − | ; '''Nov 7 - [http://www.sourceforge.net/projects/jbrofuzz JBroFuzz 0.2 Network Protocol Fuzzer Released]'''
| |
| − | :JBroFuzz is a stateless network protocol fuzzer for penetration tests. Written in Java (exe also available) it provides a number of generators, as well as basic checks involving SQL injection, Cross Site Scripting (XSS), Buffer/Integer Overflows, as well as Format String Errors.
| |
| − | | |
| − | ; '''Nov 5 - [http://portal.spidynamics.com/blogs/msutton/archive/2006/09/26/How-Prevalent-Are-SQL-Injection-Vulnerabilities_3F00_.aspx 11.3% Vulnerable to SQL Injection]'''
| |
| − | : Micheal Sutton experimented with a survey of sites that have a parameter named "id" in the URL. He finds that 11.3% of them cough up a SQL error. "The statistics are significant as they provide evidence of the prevalence of web application vulnerabilities. Coverage of this issue has however been somewhat misleading as reports have suggested that it is a measure of what attackers are doing."
| |
| − | | |
| − | ; [[Application Security News|Older news...]]
| |
This news feed is moderated by OWASP and will feature high-quality posts focused on application security that advance the field, provide useful insight, or are useful educational resources.
