CEO of Bit Discovery, Professional Hacker, Black Belt in Brazilian Jiu-Jitsu, Off-Road Race Car Driver, Founder of WhiteHat Security, and Maui resident.
Friday, November 27, 2009
Best of Application Security (Friday, Nov. 27)
Ten of the Application Security industry's coolest, most interesting, important, and entertaining links from the past week -- in no particular order. Regularly released until year end. Then the Best of Application Security 2009 will be selected!
- Injection attacks, it's not just SQL!
- You've been hacked. Now what?
- The meaning of metrics.
- Symantec exposed passwords, serials… SQL Injection, full database access
- Web Application Security Scanner List
- Facebook Worm Uses Clickjacking in the Wild
- Ping pong obfuscation
- Bypassing CSP for fun, no profit
- Client-side JavaScript file processing may come via File API
- Presentations Available: OWASP AppSec DC 2009
Friday, November 20, 2009
Best of Application Security (Friday, Nov. 20)
Ten of the Application Security industry's coolest, most interesting, important, and entertaining links from the past week -- in no particular order. Regularly released until year end. Then the Best of Application Security 2009 will be selected!
- OWASP Top Ten 2010 and The Principles of Secure Development
- Major IE8 flaw makes 'safe' sites unsafe & NoScript author's response
- DNS Rebinding for Scraping and Spamming
- Reversing JavaScript Shellcode: A Step By Step How-To
- Brute-Forcing Compatibility
- Preventing Security Development Errors: Lessons Learned at Windows Live by Using ASP.NET MVC
- OWASP Board - Election Results
- Announcing ModSecurity Handbook
- ESAPI Web Application Firewall released!
- OWASP Top Ten and ESAPI & Part 2
Friday, November 13, 2009
Best of Application Security (Friday, Nov. 13)
Ten of the Application Security industry's coolest, most interesting, important, and entertaining links from the past week -- in no particular order. Regularly released until year end. Then the Best of Application Security 2009 will be selected!
- OWASP Top 10 (2010 release candidate 1)
- Flash Origin Policy Issues and FAQ
- Microsoft to release security guidelines for Agile
- WhiteHat Security 8th Website Security Statistics Report Presentation
- Securely deploying cross-domain policy files
- Vulnerability assessment integration with web application firewalls
- ModSecurity Core Rule Set (CRS) <-> PHPIDS Smoketest
- Website Vulnerability Assessment Q4 2009 (EMA Radar Report™ Summary)
- Facebook groups hacked through design flaw
- Microsoft Tries To Censor Bing Vulnerability
OWASP Top 10 (2010 release candidate 1)
The newest version of the OWASP Top 10, the Top 10 Most Critical Web Application Security Risks, has been made available as a release candidate! This project is extraordinarily meaningful to the application security industry because it influences PCI-DSS, global policy, developer awareness, and product direction. Notable changes were made from the 2007 version to help organizations visualize, understand, and solve these issues. Now is the time for the application security community to send in feedback so the list can be made the best we possibly can by the end of the year, when it will be ratified.
Download: presentation (ppt) and the complete document (pdf)
"Welcome to the OWASP Top 10 2010! This significant update presents a more concise, risk focused list of the Top 10 Most Critical Web Application Security Risks. The OWASP Top 10 has always been about risk, but this update makes this much more clear than previous editions, and provides additional information on how to assess these risks for your applications.
For each top 10 item, this release discusses the general likelihood and consequence factors that are used to categorize the typical severity of the risk, and then presents guidance on how to verify whether you have this problem, how to avoid this problem, some example flaws in that area, and pointers to links with more information.

The primary aim of the OWASP Top 10 is to educate developers, designers, architects and organizations about the consequences of the most important web application security weaknesses. The Top 10 provides basic methods to protect against these high risk problem areas – a great start to your secure coding security program."
Friday, November 06, 2009
Best of Application Security (Friday, Nov. 6)
Ten of the Application Security industry's coolest, most interesting, important, and entertaining links from the past week -- in no particular order. Regularly released until year end. Then the Best of Application Security 2009 will be selected!
- Another fine method to exploit SQL Injection and bypass WAF
- Security and Facebook Platform
- When Is More Important Than Where in Web Application Security
- Apple - XSS Attack
- Cross-subdomain Cookie Attacks
- PILOT: Production in lieu of testing (AgoraCart FAIL)
- Facebook and MySpace security: backdoor wide open, millions of accounts exploitable
- SSL and TLS Authentication Gap vulnerability discovered
- Using Blended Browser Threats involving Chrome to steal files on your computer
- LinkedIN With 'Bill Gates'