Moderated AppSec Feed - OWASP Foundation's shared items in Google Reader:
I had to build O2 because the state-of-the-art tools (both commercial & open-source and both white & black box) were not designed for knowledgeable web application security consultants (like me). There is a reason why the adoption rate of these tools is very LOW (by security professionals, developers, software architects, e (Read More)
I'm finally home and have a minute to write about the past week's OWASP AppSec DC 2009 conference. And what a conference it was - far and away the best conference on information security of the year. This includes the organization, the venue, the audience/attendees and the presenters. I think some of my favorite presentati (Read More)
The ESAPI project is quickly gaining steam. We’ve added a number of strong committers and there are many companies out there adopting. My little addition to ESAPI was just released yesterday at OWASP AppSec DC, the ESAPI Web Application Firewall. Slides here. You don’t need to implement the rest of ESAPI to use it, since it’ (Read More)
The newest version of the OWASP Top 10, the Top 10 Most Critical Web Application Security Risks, has been made available as a release candidate! This project is extraordinarily meaningful to the application security industry as it exercises influence over PCI-DSS, global policy, developer awareness, and product direction. (Read More)
The size and scope of the RBS Worldpay ATM heist are unprecedented. The perpetrators stole $9M in a matter of hours from 2100 ATMs worldwide. An indictment was handed down on Nov 10, 2009. I am always on the lookout for indictments and trials related to computer crime because this is often the only time the details of the (Read More)
After I posted concerns over security in Google Wave, several responses came (including one from Google) emphasizing that Wave was “still in an early preview stage” and many bugs would be fixed before a wider release. I think that clarifying why I would bother discussing bugs in a preview product may raise a few important p (Read More)
Thinking Person's Guide to the Cloud, Part 3b (Part 1, Part 2, Part 3a). So the question is: what *kind* of security services should we build for the Cloud? What do we want them to do? What are the goals? Of course, as security professionals we know the goal is Confidentiality, Integrity and Availability. Right? Wrong. The worst go (Read More)
The Thinking Person's Guide to the Cloud, Part 2 (Part 1). Remember my friend Hoff's question - why doesn't the OWASP Top Ten change? Why don't these problems get fixed? Let's look at some of the OWASP Top Ten [8] issues, an overview of some of the fixes, and see if the Cloud is likely to remedy any of them. The first because (Read More)
The Thinking Person's Guide to the Cloud. HOWTO: Keep your head in the clouds and your feet on the ground. By Gunnar Peterson, October 27, 2009, mnemonic RISK Conference, Oslo, Norway. “Everything we think of as a computer today is really just a device that connects to the big computer that we are all collectively building" -Tim O'Rei (Read More)
Many security researchers are familiar with BeEF, a browser exploitation framework by Wade Alcorn. In short, BeEF is a program that brings together various types of code for taking advantage of known vulnerabilities in web browsers. If a target computer loads a certain bit of code within a web page, that code connects to a (Read More)
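The item above describes the mechanism but the excerpt is cut off before the controller side. What follows is an added example, not code from BeEF or from the quoted post: it looks at that mechanism from the network side. Once a hooked page has pulled in the framework's script, the browser keeps re-contacting the controller at a steady cadence to fetch commands, and that regularity is visible in proxy logs even when the hook's own path and host are unknown in advance. The log lines, hostnames, paths and two-second interval below are all constructed for the demo; they are assumptions, not BeEF's actual defaults.

```javascript
// Added example (not BeEF's code, not the quoted author's). Detects a browser that
// re-contacts the same host+path at a near-constant interval after loading a
// script, which is what a command-polling hook looks like from proxy logs.

// Constructed sample log, one request per line:
// "<ISO timestamp> <client ip> <method> <url> <status>"
// Hostnames, paths and timing are assumptions made up for this example.
const SAMPLE_LOG = [
  "2009-11-16T10:00:00Z 10.0.0.5 GET http://www.example.test/index.html 200",
  "2009-11-16T10:00:00Z 10.0.0.5 GET http://attacker.example.test/hook.js 200",
  "2009-11-16T10:00:02Z 10.0.0.5 GET http://attacker.example.test/poll?s=1 200",
  "2009-11-16T10:00:04Z 10.0.0.5 GET http://attacker.example.test/poll?s=2 200",
  "2009-11-16T10:00:06Z 10.0.0.5 GET http://attacker.example.test/poll?s=3 200",
  "2009-11-16T10:00:08Z 10.0.0.5 GET http://attacker.example.test/poll?s=4 200",
  "2009-11-16T10:00:10Z 10.0.0.5 GET http://attacker.example.test/poll?s=5 200",
  "2009-11-16T10:00:01Z 10.0.0.7 GET http://www.example.test/about.html 200",
  "2009-11-16T10:00:09Z 10.0.0.7 GET http://www.example.test/news.html 200",
  "2009-11-16T10:00:30Z 10.0.0.7 GET http://www.example.test/about.html 200",
];

// Parse one log line. The query string is dropped from the key because a hook
// usually varies it per poll (session id, sequence number), while host+path stay fixed.
function parseLine(line) {
  const [ts, client, method, url, status] = line.trim().split(/\s+/);
  const u = new URL(url);
  return {
    t: Date.parse(ts) / 1000, // seconds since epoch
    client,
    method,
    key: `${u.host}${u.pathname}`,
    status: Number(status),
  };
}

// Group request timestamps by (client, host+path).
function groupRequests(lines) {
  const groups = new Map();
  for (const line of lines) {
    const r = parseLine(line);
    const k = `${r.client} ${r.key}`;
    if (!groups.has(k)) groups.set(k, []);
    groups.get(k).push(r.t);
  }
  return groups;
}

// A (client, url) pair is reported as a beacon when it has at least minCount
// requests and the gaps between consecutive requests are nearly uniform, i.e. the
// coefficient of variation (stddev / mean) of the gaps is at most maxCv.
function findBeacons(lines, { minCount = 5, maxCv = 0.2 } = {}) {
  const hits = [];
  for (const [k, times] of groupRequests(lines)) {
    if (times.length < minCount) continue;
    const sorted = [...times].sort((a, b) => a - b);
    const gaps = sorted.slice(1).map((t, i) => t - sorted[i]);
    const mean = gaps.reduce((a, b) => a + b, 0) / gaps.length;
    const variance = gaps.reduce((a, g) => a + (g - mean) ** 2, 0) / gaps.length;
    // Identical timestamps (mean gap 0) are a burst, not a cadence; never flag them.
    const cv = mean === 0 ? Infinity : Math.sqrt(variance) / mean;
    if (cv <= maxCv) {
      const [client, url] = k.split(" ");
      hits.push({ client, url, count: times.length, intervalSeconds: mean });
    }
  }
  return hits;
}

// Run on the constructed sample: only 10.0.0.5 polling attacker.example.test/poll
// every 2 s is reported; 10.0.0.7's ordinary browsing is not.
console.log(findBeacons(SAMPLE_LOG));
```

The thresholds are deliberately loose for a ten-line sample; on real proxy data you would raise `minCount`, consider the time window, and whitelist legitimate pollers (mail clients, update checkers) by host before treating a hit as a hooked browser.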
SUBTITLE: "I won't test, and you can't make me!" SUBSUBTITLE: "I can't test what I obviously don't understand, and don't care to." So often code goes live (or stays live) just as defined in this post's title: production in lieu of testing. Put this thinking together with vendor/developers who clearly don't understand security (Read More)
The WASS Project which Veracode contributed data to shows some nice benefits to White box (static) over Black box (dynamic) for many serious vulnerability categories. White box overall detects a higher prevalence of many categories, which we can extrapolate to having lower FN rates. Now the sample set of apps is not the sa (Read More)
There has been a lot of discussion in the blogosphere over the last few months on costs and ROI justifications for building secure software. Back in July, I responded to a post by Jeremiah Grossman, CTO at White Hat Software, which examined the end-to-end costs of software security, whether and how upfront investments in a (Read More)
The Microsoft Information Security Tools (IST) team has released the latest Microsoft Anti-Cross Site Scripting (Anti-XSS) Library version 3.1. How does a cross-site scripting (XSS) vulnerability occur? An example is when a web application does not encode the output that is sent to the browser; this can make the site suscep (Read More)
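The item above names the root cause (output sent to the browser without encoding) but the excerpt is cut off before showing it. Here is an added example, not code from the Anti-XSS Library or from the quoted post, written in JavaScript (Node.js) rather than .NET so it runs stand-alone: it puts the unencoded rendering that lets a reflected value become script next to allow-list encoders for the contexts the value lands in. The encoders use the allow-list approach (encode everything that is not alphanumeric) rather than a deny-list of a few characters; the template strings and payloads are constructed for the demo.

```javascript
// Added example (not the Anti-XSS Library's code, not the quoted author's).
// Context-aware output encoding next to the unencoded rendering that makes XSS possible.

// Encode for HTML text content and quoted attribute values. Everything outside an
// alphanumeric allow-list becomes a numeric character reference, so '<', '"', '&'
// and friends from untrusted input can never reopen markup. The /u flag plus
// codePointAt keeps astral characters (emoji) as one reference, not two surrogates.
function encodeHtml(value) {
  return String(value).replace(/[^A-Za-z0-9 ]/gu, (ch) => `&#${ch.codePointAt(0)};`);
}

// Encode for a JavaScript string literal inside <script>. HTML entity encoding is the
// wrong tool here: the HTML parser does not decode entities inside script elements, so
// the value would reach the JS engine unchanged. Non-alphanumerics become \xHH or
// \uHHHH escapes, which also neutralises "</script>" because '<' and '/' are escaped.
function encodeJsString(value) {
  return String(value).replace(/[^A-Za-z0-9]/gu, (ch) => {
    const cp = ch.codePointAt(0);
    if (cp < 0x100) return `\\x${cp.toString(16).padStart(2, "0")}`;
    if (cp <= 0xffff) return `\\u${cp.toString(16).padStart(4, "0")}`;
    return `\\u{${cp.toString(16)}}`;
  });
}

// The bug the post describes: untrusted input concatenated straight into the page.
function renderVulnerable(name) {
  return `<p>Hello ${name}</p>`;
}

// The fix: encode at the point of output, with the encoder matching the context.
function renderSafe(name) {
  return `<p>Hello ${encodeHtml(name)}</p>`;
}

function renderAttributeSafe(value) {
  // Attribute context: the attribute must be quoted AND the value encoded, since an
  // unquoted attribute would still break on a space.
  return `<input value="${encodeHtml(value)}">`;
}

function renderScriptSafe(value) {
  // JavaScript string context inside a script block.
  return `<script>var user = "${encodeJsString(value)}";</script>`;
}

// Constructed payloads, one per context.
const SCRIPT_PAYLOAD = "<script>alert(1)</script>";
const ATTRIBUTE_PAYLOAD = '" onfocus="alert(1)';
const SCRIPT_BREAKOUT_PAYLOAD = "</script><script>alert(1)</script>";

// Vulnerable output: the payload survives as live markup.
console.log(renderVulnerable(SCRIPT_PAYLOAD));
// Hardened output per context: no raw '<', '"' or '/' from the payload remains.
console.log(renderSafe(SCRIPT_PAYLOAD));
console.log(renderAttributeSafe(ATTRIBUTE_PAYLOAD));
console.log(renderScriptSafe(SCRIPT_BREAKOUT_PAYLOAD));
```

Two points worth noticing when running it: the HTML-encoded output is still rendered by the browser as the original text, so encoding loses nothing for the user; and a value that is safe in one context (HTML text) is not automatically safe in another (a script block or a URL), which is why the encoder is chosen per output location rather than applied once on input.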