This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "Template:Application Security News"

From OWASP
Jump to: navigation, search
m
 
(30 intermediate revisions by 5 users not shown)
Line 1: Line 1:
<!-- please add stories to the main Application Security News page -->
+
<IfLanguage Is="en">
 +
This news feed is moderated by OWASP and will feature high-quality posts focused on application security that advance the field, provide useful insight, or are useful educational resources.
 +
</IfLanguage>
 +
<IfLanguage Is="es">
 +
Estas noticias son moderadas por OWASP y mostrarán publicaciónes de alta calidad enfocadas en seguridad de aplicaciones de avanzada, proveen razonamiento profundo o son recursos educativos útiles.
 +
</IfLanguage>
  
; '''Dec 13 - [http://www.washingtonpost.com/wp-dyn/content/article/2006/12/12/AR2006121200173.html UCLA spins massive breach]'''
+
<owaspfeed/>
: Why not just say what measures you've really taken? Are all developers trained? Do you do code review and security testing? "Jim Davis, UCLA's chief information officer, said a computer trespasser used a program designed to exploit an undetected software flaw to bypass all security measures and gain access to the restricted database that contains information on about 800,000 current and former students, faculty and staff, as well as some student applicants and parents of students or applicants who applied for financial aid. 'In spite of our diligence, a sophisticated hacker found and exploited a subtle vulnerability in one of hundreds of applications,' Davis said in the statement."
 
 
 
; '''Dec 10 - [http://news.com.com/Security+Bites+Podcast+MySpace,+Apple+in+patch+snafu/2324-12640_3-6142120.html MySpace and Apple mess]'''
 
: MySpace and Apple show how NOT to handle security incidents (see also [http://blog.washingtonpost.com/securityfix/2006/12/how_not_to_distribute_security_1.html How Not to Distribute Security Patches])
 
; '''Nov 28 - [[OWASP JBroFuzz|JBroFuzz 0.3 Released]]'''
 
: This version adds a more stable core, length updating for fuzzed POST requests and allows you to specify your own fuzz vectors in a separate file.
 
 
 
; '''Dec 2 - [http://blogs.oracle.com/security/2006/11/27#a39 Oracle blames security researchers]'''
 
: "We do not credit security researchers who disclose the existence of vulnerabilities before a fix is available. We consider such practices, including disclosing 'zero day' exploits, to be irresponsible." So the question on everybody's mind - is the [http://www.oracle.com/security/software-security-assurance.html Oracle Software Security Assurance] program real? Or are David Litchfield and Cesar Cerrudo right that Emperor has no clothes?
 
 
 
; [[Application Security News|Older news...]]
 

Latest revision as of 15:30, 6 May 2012

This news feed is moderated by OWASP and will feature high-quality posts focused on application security that advance the field, provide useful insight, or are useful educational resources.


<owaspfeed/>