|
|
| (92 intermediate revisions by 5 users not shown) |
| Line 1: |
Line 1: |
| − | <!-- | + | <IfLanguage Is="en"> |
| − | ; '''Mon ## - [http://link Snarky headline]'''
| + | This news feed is moderated by OWASP and will feature high-quality posts focused on application security that advance the field, provide useful insight, or are useful educational resources. |
| − | : Comment or "Quote"
| + | </IfLanguage> |
| − | -->
| + | <IfLanguage Is="es"> |
| | + | Estas noticias son moderadas por OWASP y mostrarán publicaciónes de alta calidad enfocadas en seguridad de aplicaciones de avanzada, proveen razonamiento profundo o son recursos educativos útiles. |
| | + | </IfLanguage> |
| | | | |
| − | ; '''Jul 7 - [http://softwaredev.itbusinessnet.com/articles/viewarticle.jsp?id=47176 Who's changed their process?]'''
| + | <owaspfeed/> |
| − | : "All software has security defects," insists Michael Howard, senior security program manager at Microsoft. "You either do something about it, or you don't...What worries me is how little attention [software] vendors are paying to this. I know of nobody else who has changed their process."
| |
| − | | |
| − | ; '''Jul 7 - [http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9001637&source=NLT_PM&nlid=8 PCI update will mandate application security]'''
| |
| − | : "Visa U.S.A. Inc. and MasterCard International Inc. will release new security rules in the next 30 to 60 days for all organizations that handle credit card data, a Visa official said this week. The rules will be the first major updates to the one-year-old Payment Card Industry (PCI) data security standard, which analysts said is slowly but surely being adopted. Extensions are aimed at protecting credit card data from emerging Web application security threats."
| |
| − | | |
| − | ; '''Jul 5 - [http://ha.ckers.org/blog/20060704/cross-site-scripting-vulnerability-in-google/ Even Google has application security issues]'''
| |
| − | : RSnake writes about [[XSS]], [[CSRF]], and [[Open redirect|open redirect]] problems in google.com. "While surfing around the personalization section of Google I ran accross the RSS feed addition tool which is vulnerable to XSS. The employees at Google were aware of XSS as they protected against it as an error condition, however..."
| |
| − | | |
| − | ; '''Jul 5 - [http://www-128.ibm.com/developerworks/library/j-ajax4/index.html?ca=dnw-723 Just because it's AJAX doesn't mean you don't need input validation]'''
| |
| − | : "Google Web Toolkit's conflation of client-side and server-side code is inherently dangerous. Because you program everything in the Java language, with GWT's abstraction concealing the client/server split, it's easy to be misled into thinking that your client-side code can be trusted at run time. This is a mistake. Any code that executes in a Web browser can be tampered with, or bypassed completely, by a malicious user."
| |
| − | | |
| − | ; '''Jul 3 - [http://www.cio.com/archive/070106/tl_privacy.html FTC throws Nations Holding into the briar patch]'''
| |
| − | : This is an outrage. Companies can now continue to play fast and loose with people's data, safe in the knowledge that their only penalty will be to do stuff they ought to be doing anyway. Thanks FTC.
| |
| − | | |
| − | ; [[Application Security News|Older news...]]
| |
This news feed is moderated by OWASP and will feature high-quality posts focused on application security that advance the field, provide useful insight, or are useful educational resources.
