|
|
| (15 intermediate revisions by 5 users not shown) |
| Line 1: |
Line 1: |
| − | <!-- please add stories to the main Application Security News page --> | + | <IfLanguage Is="en"> |
| − | ; '''Feb 26 - [http://www.securityfocus.com/infocus/1888 Building Secure Applications: Consistent Logging]'''
| + | This news feed is moderated by OWASP and will feature high-quality posts focused on application security that advance the field, provide useful insight, or are useful educational resources. |
| − | :SecurityFocus article, "This article examines the dismal state of application-layer logging as observed from the authors’ years of experience in performing source code security analysis on millions of lines of code."
| + | </IfLanguage> |
| | + | <IfLanguage Is="es"> |
| | + | Estas noticias son moderadas por OWASP y mostrarán publicaciónes de alta calidad enfocadas en seguridad de aplicaciones de avanzada, proveen razonamiento profundo o son recursos educativos útiles. |
| | + | </IfLanguage> |
| | | | |
| − | ; '''Feb 26 - [http://www.honeynet.org/papers/webapp/index.html Know your Enemy: Web Application Threats]'''
| + | <owaspfeed/> |
| − | :A long paper on web application security threats released by honeynet.org. "This paper focuses on application threats against common web applications. After reviewing the fundamentals of a typical attack, we will go on to describe the trends we have observed and to describe the research methods that we currently use to observe and monitor these threats."
| |
| − | | |
| − | ; '''Feb 21 - OWASP Top 10 2007 rc1 feedback'''
| |
| − | :Lots of feedback on the new OWASP Top 10. See e.g. on [http://datasecurity.wordpress.com/2007/02/05/owasp-top-10-for-2007/ PCI DSS blog] with some interesting comments and of course Sylvan von Stuppe's comments on the [http://www.owasp.org/index.php/Top_10_2007 OWASP Top 10 RC1] can be found [http://sylvanvonstuppe.blogspot.com/2007/02/owasp-top-10-2007-update-rc1-a7-a8.html here](A7-A8), [http://sylvanvonstuppe.blogspot.com/2007/02/owasp-top-10-2007-update-rc1-a5-a6.html here](A5-A6), [http://sylvanvonstuppe.blogspot.com/2007/02/owasp-top-10-2007-update-rc1-a3-a4.html here](A3-A4) and [http://sylvanvonstuppe.blogspot.com/2007/01/owasp-top-10-2007-update-rc1-a1-a2.html here] (A1-A2). Last change to review the document prior to February 28th and provide feedback to the [http://lists.owasp.org/mailman/listinfo/owasp-topten [email protected]] mail list. | |
| − | | |
| − | ; '''Feb 21 - [http://blog.washingtonpost.com/securityfix/2007/02/serious_flaw_in_google_desktop.html Serious Flaw in Google Desktop Prompts Patch]'''
| |
| − | :"Search engine giant Google has issued an update for people running its powerful Desktop software. Researchers had demonstrated a potentially devastating security hole in the software that could allow bad guys to snoop on users' computers or even to install additional software."
| |
| − | | |
| − | ; '''Feb 05 - [http://www.scmagazine.com.au/news/45262,myspace-superworm-creator-sentenced-to-probation-community-service.aspx Sammy 'MySpace' KamKar Pleads Guilty in Court]'''
| |
| − | :"The man responsible for unleashing what is believed to be the first self-propagating cross-site scripting worm has pleaded guilty in Los Angeles Superior Court to charges stemming from his most infamous hacking."
| |
| − | | |
| − | ; '''Feb 05 - [http://www.itsecurity.com/security.htm?s=10164 Why Your Organization Must Increase It's Web Application Security Budget]'''
| |
| − | :"The Web application security threat is a real one. A failure to respond to this threat will result in real risk to any enterprise that stores financial or customer data. While the problem is a serious one, it is not something that cannot be fixed so long as proper attention and budget are allocated to it. Unfortunately, given the unique nature of the problem and its impact on the budgetary process, it will likely require direct intervention by the financial staff."
| |
| − | | |
| − | ; [[Application Security News|Older news...]]
| |
This news feed is moderated by OWASP and will feature high-quality posts focused on application security that advance the field, provide useful insight, or are useful educational resources.
