First article of the new year concerns the flourishing WebAppSec community and its guidance efforts aimed at developers and consumers alike. The threat of web application vulnerabilities is now a commonplace theme. The notable development in the information security community over the last ten years has been its gradual embrace of web application security, something previously overlooked, as data handling and formatting have become more dynamic. The community has turned itself 180 degrees, from reactive to proactive, albeit without a widely adopted standard for responsibility and disclosure (which in itself has led to a significant rise in baseless, malicious disclosures by the 13-year-old next door, savvy with his laptop and his illegitimate copy of AppScan). Continue reading ‘WebAppSec and Consumer Ignorance’
Recent Entries
- proactive forensics necessary in a decade
- High Performance Computing with CUDA
- Connection Pooling in Hibernate using C3PO.
- theReformed provides server for OSx86Scene
- Securing Data OffShore
- Shameful Plug time… ZipMyURL.com
- THEORY: Apple OSX Spaces Vulnerable
- Apple Wins by the Numbers
- MySpace Gambles Big on Lost Cause
- And From the Shadows of Confusion
Worth Reading
- XSSFilter Released - You may have already seen the news about the new XSSFilter in IE8.0 but I wanted to echo it here as well, because it’s a pretty major new release. It does a great job of preventing most of the
- The Government's Top Hackers? - Popular Mechanics recently published an article about the NSA Red Team, which caught my interest, having been a part of that organization for a short stint back in early 2000. The article does a
- AV Industry on the Run - All too accurate cartoon from Ikarus Security Software, brought to my attention by Dancho Danchev (here), who has become one of my favorite bloggers to read.
- CitySec Updates And Now More Ways To Stalk Us! - STLSec. Shawn @ Agurasec yelled at me for not letting everyone know that St. Louis has an active CitySec meetup: The next STLSec is July 10 @ the Fox and Hound. Be there or be square. We had a
- Friday Squid Blogging: Giant Squid Found off Santa Cruz Coast - It's twenty-five feet long, with tentacles the size of human legs....
- CitiBank Card Numbers and PINS Stolen in Server Breach - Many years ago, (like ten or more) there was a major US bank (BoA, CitiBank I don’t remember) that had a major security breach. I don’t remember all the details, and Google has been less
- ARDAgent.app Vulnerability Analysis - Apple recently released Mac OS X 10.5.4 with accompanying security updates for 25 vulnerabilities. Notably absent, however, is a fix for the recently brouhaha’d ARDAgent.app local privilege