Execution
07-02-2008 17:40
PCI-DSS references the outdated OWASP Top Ten

I’m sure other people have noticed this, at least I hope so, but never mentioned it publicly. If you read PCI-DSS 1.1 section 6.5, the part that covers “Cover prevention of common coding vulnerabilities in software development processes”, you’ll notice the list is identical to that of the OWASP Top Ten 2004 while the latest version is 2007:
6.5.1 Unvalidated input
6.5.2 Broken access control (for example, malicious use of user IDs)
6.5.3 Broken authentication and s
Full text: Jeremiah Grossman
07-02-2008 17:37
PCI-DSS references the outdated OWASP Top Ten

I’m sure other people have noticed this, at least I hope so, but never mentioned it publicly. If you read PCI-DSS 1.1 section 6.5, the part that covers “Cover prevention of common coding vulnerabilities in software development processes”, you’ll notice the list is identical to that of the OWASP Top Ten 2004 while the latest version is 2007:
6.5.1 Unvalidated input
6.5.2 Broken access control (for example, malicious use of user IDs)
6.5.3 Broken authentication and session m
Full text: Jeremiah Grossman
07-06-2008 20:55
Re: Can anyone help me with HijackThis

I downloaded some music from the net and after that my computer is completely slow
and Kaspersky is showing me this
zlib Denial of Service Vulnerability
Microsoft Excel Multiple Code Execution Vulnerabilities
Microsoft Publisher Object Handler Validation Vulnerability
Microsoft Outlook "mailto:" URI Handling Vulnerability
Microsoft Word Two Code Execution Vulnerabilities
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:53:56, on 6.7.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Ex...
Full text: ES::Zastita
07-04-2008 8:55
IE8 XSS Filter design philosophy in-depth

It's great to see some positive reaction to the potential of our XSS Filter. Now we just need to deliver!
In this blog post I’ll try to shed some light on our design philosophy.
To understand how we have arrived at our current filtering approach, it is useful to look back to the XSS Filter’s very beginnings. Version 1.0 of the XSS Filter prototype, originally released within Microsoft back in 2002, provided users with the following (ugly!) prompt:
Clearly this
Full text: Microsoft
07-09-2008 20:04
Let the Games Begin

While China is bracing for the 2008 Summer Olympics that it will be hosting in the capital of Beijing from August 8 to August 24, 2008, malware authors are now also busy mounting attacks that play on this quadrennial sporting event.
Reports have surfaced about a zero-day MS Word vulnerability affecting Microsoft Word 2000, 2002, and 2003. It is said to affect even patched versions of the popular word-processing application on certain MS Office versions. When exploited, the unspecified
Full text: trendmicro