|
Web Application Security
Moderated AppSec Feed - OWASP Foundation's shared items in Google Reader:
I had to build O2 because the state-of-the-art tools (both commercial & open-source and both white & black box) where not designed for knowledgeable web application security consultants (like me).There is a reason why the ado (Read More)
News Network:
Web Application Security
Moderated AppSec Feed - OWASP Foundation's shared items in Google Reader:
I sometime feel that our industry misses the point on what we (security professionals) are doing here.In a nutshell, the current 'Web Application Security assessment' world is far from being ‘working’ (see AppScan 2011 for a (Read More)
News Network:
Web Application Security
Topic:
Vulnerabilities
Moderated AppSec Feed - OWASP Foundation's shared items in Google Reader:
I'm finally home and have a minute to write about the past week's OWASP AppSec DC 2009 conference. And what a conference it was - far and away the best conference on information security of the year. This includes the organ (Read More)
News Network:
Web Application Security
Topic:
Vulnerabilities
Moderated AppSec Feed - OWASP Foundation's shared items in Google Reader:
InformationWeek writers blog on a range of business technology topics: digital life, personal tech, enterprise mobility, Windows/Microsoft, Google, outsourcing, security, IT careers, IT salaries, leadership/management strateg (Read More)
News Network:
Web Application Security
Moderated AppSec Feed - OWASP Foundation's shared items in Google Reader:
The ESAPI project is quickly gaining steam. We’ve added a number of strong committers and there are many companies out their adopting. My little addition to ESAPI was just released yesterday at OWASP AppSec DC, the ESAPI Web (Read More)
News Network:
Web Application Security
Topic:
Vulnerabilities
Moderated AppSec Feed - OWASP Foundation's shared items in Google Reader:
The newest version of the OWASP Top 10, the Top 10 Most Critical Web Application Security Risks, has been made available as a release candidate! This project is extraordinarily meaningful to the application security industry (Read More)
News Network:
Web Application Security
Moderated AppSec Feed - OWASP Foundation's shared items in Google Reader:
The size and scope of the RBS Worldpay ATM heist are unprecedented. The perpetrators stole $9M in a matter of hours from 2100 ATMs worldwide. An indictment was handed down on Nov 10, 2009. I am always on the lookout for ind (Read More)
News Network:
Web Application Security
Topic:
Vulnerabilities
Moderated AppSec Feed - OWASP Foundation's shared items in Google Reader:
After I posted concerns over security in Google Wave, several responses came (including one from Google) emphasizing that Wave was “still in an early preview stage” and many bugs would be fixed before a wider release. I think (Read More)
News Network:
Web Application Security
Topics:
Hacking,
Vulnerabilities
Moderated AppSec Feed - OWASP Foundation's shared items in Google Reader:
Thinking Person's Guide to the Cloud, Part 3b(Part 1, Part 2, Part 3a)So the question is: what *kind* of security services should we build for the Cloud? What do want them to do? What are the goals?Of course, as security prof (Read More)
News Network:
Web Application Security
Topic:
Vulnerabilities
Moderated AppSec Feed - OWASP Foundation's shared items in Google Reader:
The Thinking Person's Guide to the CloudHOWTO: Keep your head in the clouds and your feet on the groundBy Gunnar PetersonOctober 27, 2009mnemonic RISK Conference, Oslo, Norway“Everything we think of as a computer today is rea (Read More)
News Network:
Web Application Security
Moderated AppSec Feed - OWASP Foundation's shared items in Google Reader:
SUBTITLE: "I won't test, and you can't make me!"SUBSUBTITLE: "I can't test what I obviously don't understand, and don't care to."So often code goes live (or stays live) just as defined in this post's title: production in lieu (Read More)
News Network:
Web Application Security
Topic:
Vulnerabilities
Moderated AppSec Feed - OWASP Foundation's shared items in Google Reader:
The WASS Project which Veracode contributed data to shows some nice benefits to White box (static) over Black box (dynamic) for many serious vulnerability categories. White box overall detects a higher prevalence of many cat (Read More)
News Network:
Web Application Security
Topic:
Vulnerabilities
Moderated AppSec Feed - OWASP Foundation's shared items in Google Reader:
The Microsoft Information Security Tools (IST) team has released the latest Microsoft Anti-Cross Site Scripting (Anti-XSS) Library version 3.1. How does a cross-site scripting (XSS) vulnerability occur? An example is when a w (Read More)
News Network:
Web Application Security
Topic:
Cross Site Scripting
Moderated AppSec Feed - OWASP Foundation's shared items in Google Reader:
OWASP Appsec 09November 10-13Walter E. Washington Convention Center, Washington DCOWASP 2009 SummitNovember 11Walter E. Washington Convention Center, Washington DCCome join the best in the web application security inWashi (Read More)
News Network:
Web Application Security
Moderated AppSec Feed - OWASP Foundation's shared items in Google Reader:
International Conference on Application Security, sponsored by TI-Control Community and the Brazilian Chamber of Deputies, in partnership with OWASP and support from the University of Brasília, UnB. The Computing Centre of t (Read More)
News Network:
Web Application Security
Moderated AppSec Feed - OWASP Foundation's shared items in Google Reader:
Next 6th November we will have the next OWASP-Italy Day.In this occasion CIOs, CTOs, CISOs, Auditors, IT managers, Security Managers and Security Governance managers, will have the opportunity to uptade about the evolution ab (Read More)
News Network:
Web Application Security
Moderated AppSec Feed - OWASP Foundation's shared items in Google Reader:
Dales Olds says that we may be on the verge of a nervous breakthrough in security, I agree and I hope he is right. Interestingly enough the breakthrough like so many before it is being led not by "strategic vision", vendors, (Read More)
News Network:
Web Application Security
Moderated AppSec Feed - OWASP Foundation's shared items in Google Reader:
I usually see session fixation vulnerabilities with Java web applications. Just recently I found a ColdFusion application vulnerable to session fixation. This nasty security hole greatly increases the risk that legitimate (Read More)
News Network:
Web Application Security
Topic:
Vulnerabilities
Moderated AppSec Feed - OWASP Foundation's shared items in Google Reader:
IntroductionThe Month of Facebook Bugs, or FAXX Hacks, is a series of reports on vulnerabilities in Facebook applications. The series was a volunteer research project coordinated by an anonymous blogger known as theharmonyguy (Read More)
News Network:
Web Application Security
Topic:
Vulnerabilities
Moderated AppSec Feed - OWASP Foundation's shared items in Google Reader:
Version 1 of WASSEC (Web Application Security Scanner Evaluation Criteria) is (finally) out! I'm not going to say which section I wrote, but the document is (as far as I know) the first attempt to comprehensively list the fe (Read More)
News Network:
Web Application Security
Add something
|
||||
|
|
||||
