|
|
| (17 intermediate revisions by 5 users not shown) |
| Line 1: |
Line 1: |
| − | <!-- please add stories to the main Application Security News page --> | + | <IfLanguage Is="en"> |
| | + | This news feed is moderated by OWASP and will feature high-quality posts focused on application security that advance the field, provide useful insight, or are useful educational resources. |
| | + | </IfLanguage> |
| | + | <IfLanguage Is="es"> |
| | + | Estas noticias son moderadas por OWASP y mostrarán publicaciónes de alta calidad enfocadas en seguridad de aplicaciones de avanzada, proveen razonamiento profundo o son recursos educativos útiles. |
| | + | </IfLanguage> |
| | | | |
| − | ; '''Feb 05 - [http://www.scmagazine.com.au/news/45262,myspace-superworm-creator-sentenced-to-probation-community-service.aspx Sammy 'MySpace' KamKar Pleads Guilty in Court]'''
| + | <owaspfeed/> |
| − | :"The man responsible for unleashing what is believed to be the first self-propagating cross-site scripting worm has pleaded guilty in Los Angeles Superior Court to charges stemming from his most infamous hacking."
| |
| − | | |
| − | ; '''Feb 05 - [http://www.itsecurity.com/security.htm?s=10164 Why You're Organization Must Increase It's Web Application Security Budget]'''
| |
| − | :"The Web application security threat is a real one. A failure to respond to this threat will result in real risk to any enterprise that stores financial or customer data. While the problem is a serious one, it is not something that cannot be fixed so long as proper attention and budget are allocated to it. Unfortunately, given the unique nature of the problem and its impact on the budgetary process, it will likely require direct intervention by the financial staff."
| |
| − | | |
| − | ; '''Feb 05 - [http://www10.mcadcafe.com/nbc/articles/view_article.php?section=CorpNews&articleid=347382 X-Force Notes Increase in Vulnerabilities. Where are the "X-Men" to fix them?]'''
| |
| − | :" According to the report, which was developed by the IBM Internet Security Systems (ISS) X-Force(R) research and development team, there were 7,247 new vulnerabilities recorded and analyzed by the X-Force in 2006, which equates to an average of 20 new vulnerabilities per day. This total represents a nearly 40 percent increase over what ISS reported in 2005. Over 88 percent of 2006 vulnerabilities could be exploited remotely, and over 50 percent allowed attackers to gain access to a machine after exploitation. "
| |
| − | | |
| − | ; '''Feb 05 - [http://www.huffingtonpost.com/avi-rubin/bad-software-all-around_b_40119.html Rubin Smacks Diebold Once Again]'''
| |
| − | :"Given what I've seen about voting system standards and voting system testing labs, I would bet money that the parking garage system at Baltimore Penn Station was tested more extensively before it was deployed than the Diebold voting machines that we use in Maryland."
| |
| − | | |
| − | ; '''Jan 23 - [http://www.gnucitizen.org/projects/greasecarnaval Greasemonkey Backdoor Proof of Concept]'''
| |
| − | : A simple [http://greasemonkey.mozdev.org/ Greasemonkey] script that illustrates the potential for abuse by hooking a backdoor to your browser using Javascipt and AJAX techniques.
| |
| − | | |
| − | ; '''Jan 23 - [[Announce:Web Honeynet|Web Honeynet Project Announcement]]'''
| |
| − | : The newly formed Web Honeynet Project from SecuriTeam and the ISOTF will in the next few months announce research on real-world web server attacks which infect web servers with: Tools, connect-back shells, bots, downloaders, malware, etc. which are all cross-platform (for web servers) and currently exploited in the wild.
| |
| − | | |
| − | ; '''Jan 22 - Also worth a read:
| |
| − | : [http://sylvanvonstuppe.blogspot.com/2007/01/rude-awakening.html A Rude Awakening] , [http://sylvanvonstuppe.blogspot.com/2007/01/rude-awakening.html Making Security Rewarding] [http://www.onjava.com/lpt/a/6844 Discovering a Java Application's Security Requirements], [http://www.darkreading.com/document.asp?doc_id=115110&WT.svl=news1_1 Security Startups Make Debut], [http://www.eweek.com/article2/0,1895,2085461,00.asp Source Code Specialist Fortify to Buy Secure Software] , [http://myappsecurity.blogspot.com/2007/01/ajax-sniffer-prrof-of-concept.html Ajax Sniffer - Prrof of concept], [http://portal.spidynamics.com/blogs/msutton/ Decoding the Google Blacklist], [http://newsroom.eworldwire.com/view_release.php?id=16273 Visual WebGui Announces The Dot.Net Answer To Google's GWT],
| |
| − | | |
| − | ; '''Jan 18 - [http://www.securityfocus.com/news/11436?ref=rss Don't take security advice from the devil you know!]
| |
| − | : He lies. Especially about security flaws. This article notes an increase in vulnerabilities found in open source packages and concludes that... "For the personal sites and the mom-and-pop stores that rely on the software, it certainly affects them," Martin said. "But larger companies likely aren't affected." Right.
| |
| − | | |
| − | ; [[Application Security News|Older news...]]
| |
This news feed is moderated by OWASP and will feature high-quality posts focused on application security that advance the field, provide useful insight, or are useful educational resources.
