|
|
| (86 intermediate revisions by 5 users not shown) |
| Line 1: |
Line 1: |
| − | <!-- | + | <IfLanguage Is="en"> |
| − | ; '''Mon ## - [http://www.artima.com/weblogs/viewpost.jsp?thread=168511 Give offensive coding a try...]'''
| + | This news feed is moderated by OWASP and will feature high-quality posts focused on application security that advance the field, provide useful insight, or are useful educational resources. |
| − | : Comment or "Quote"
| + | </IfLanguage> |
| − | -->
| + | <IfLanguage Is="es"> |
| | + | Estas noticias son moderadas por OWASP y mostrarán publicaciónes de alta calidad enfocadas en seguridad de aplicaciones de avanzada, proveen razonamiento profundo o son recursos educativos útiles. |
| | + | </IfLanguage> |
| | | | |
| − | ; '''Jul 17 - [http://link Snarky headline]'''
| + | <owaspfeed/> |
| − | : "Spurious null checks are a symptom of bad code. That’s not to say that null checks are wrong. If a vendor gives you a library that can return null, you’re obliged to check for null. And, if people are passing null all over the place in your code, it makes sense to keep putting some null checks in, but, you know what? That just means that you’re dealing with bad code"
| |
| − | | |
| − | ; '''Jul 12 - [http://googleresearch.blogspot.com/2006/06/extra-extra-read-all-about-it-nearly.html Beware integer overflow in Java]'''
| |
| − | : Joshua Bloch (of Java Puzzlers fame) discovered this [[Integer overflow|overflow]] that affects Arrays.binarySearch() and any other divide-and-conquer algorithms (probably other languages as well). "The general lesson that I take away from this bug is humility: It is hard to write even the smallest piece of code correctly, and our whole world runs on big, complex pieces of code."
| |
| − | | |
| − | ; '''Jul 12 - [http://opensource.sys-con.com/read/244332_p.htm Source code secrecy not a countermeasure]'''
| |
| − | : Yet another pointless article discussing whether open-source or closed-source is more secure. The truth is that your application should be secure even if an attacker has the source. If you're using a source code control system (and you absolutely should), there are copies of your code all over the place. So get over it - secrecy isn't a countermeasure.
| |
| − | | |
| − | ; '''Jul 11 - [http://www.yankeegroup.com/public/research/author_page.jsp?ID=E6175864177D44AD Yankee predicts AAP to replace WAF]'''
| |
| − | : In a report titled, "Application Assurance Platforms Arise from Web App Firewall Market’s Ashes," Yankee projects overall product revenue in the evolving AAP market to grow to $230 million by 2009. AAP's are predicted to combine the web application firewall, database security, XML security gateway and application traffic management segments.
| |
| − | | |
| − | ; '''Jul 10 - [http://blog.washingtonpost.com/securityfix/2006/07/citibank_phish_spoofs_2factor_1.html Even two-factor authentication can be spoofed]'''
| |
| − | : "The site asks for your user name and password, as well as the token-generated key. If you visit the site and enter bogus information to test whether the site is legit -- a tactic used by some security-savvy people -- you might be fooled. That's because this site acts as the "man in the middle" -- it submits data provided by the user to the actual Citibusiness login site. If that data generates an error, so does the phishing site, thus making it look more real."
| |
| − | | |
| − | ; [[Application Security News|Older news...]]
| |
This news feed is moderated by OWASP and will feature high-quality posts focused on application security that advance the field, provide useful insight, or are useful educational resources.
