vulnerability

07-02-2008 12:58
telecharger.vnunet.fr XSS
ironzorg has discovered a vulnerability in telecharger.vnunet.fr, which could be exploited by malicious people to conduct XSS attacks.

Full text: XSSed

07-02-2008 14:17
PTF (Penetration Testing Framework) 0.51 released
The PTF (Penetration Testing Framework) enumerates the stages one should perform during a test (as described in the OSSTMM manual):
Network footprinting
Discovery & Probing
Enumeration
Vulnerability assessment
Penetration (or exploitation)
Plus other tests as well as physical, wireless assessment.... - Security Tools / PTF, Methodology, Framework

Full text: security-database

07-02-2008 17:12
Web Application Security Today - Are We All Insane?
CSO magazine was kind enough to publish an opinion piece where I present a top-down view of the current state of web application security. I nervously expect a “spirited” flow of blog comments because it questions the value of certain best-practices and deeply held personal philosophies. Fortunately though our general public discourse has advanced a great deal recently and the community at large is a lot more informed of the challenges at hand. I pulled out a snippet to give a feel.

Full text: Jeremiah Grossman

07-02-2008 17:37
PCI-DSS references the outdated OWASP Top Ten
I’m sure other people have noticed this, at least I hope so, but never mentioned it publicly. If you read PCI-DSS 1.1 section 6.5, the part that covers “Cover prevention of common coding vulnerabilities in software development processes”, you’ll notice the list is identical to that of the OWASP Top Ten 2004 while the latest version is 2007:

6.5.1 Unvalidated input
6.5.2 Broken access control (for example, malicious use of user IDs)
6.5.3 Broken authentication and session m >>

Full text: Jeremiah Grossman

07-02-2008 21:13
www.ministers.sa.gov.au XSS
sl4xUz has discovered a vulnerability in www.ministers.sa.gov.au, which could be exploited by malicious people to conduct XSS attacks.

Full text: XSSed

07-02-2008 21:14
shop.carphonewarehouse.com XSS
Uber0n has discovered a vulnerability in shop.carphonewarehouse.com, which could be exploited by malicious people to conduct XSS attacks.

Full text: XSSed



