HackDig : Dig high-quality web security articles for hacker

Web Application Firewall Magic Quadrant 2015

Gartner has published an updated "magic quadrant" report about Web Application Firewall (WAF) vendors. Sixteen vendor offerings are assessed. To be included, the product has to be actively marketed, use techniques designed for web security, and not just use attack signature-based approach found in other devices such as next-generation firewalls and
Published: 2015-07-21 09:15 | Tags: threats technical firewalls corrective detective operation

FCA Guidance on Financial Crime

The UK's Financial Conduct Authority (FCA) has published updated guidance on reducing the risk of financial crime. Financial Crime: A Guide for Firms Part 1: A Firm's Guide to Preventing Financial Crime provides information to regulated firms on how to avoid financial crime. But many of the topics and guidance will be of use to a wider audience. The document
Published: 2015-05-28 05:05 | Tags: requirements legislation physical administrative preventativ

SANS 2015 State of Application Security

The SANS Institute has published this year's survey results about application security programmes. In a change to last year's report the authors of 2015 State of Application Security: Closing the Gap have identified and broken down their analysis and reporting into two groups of survey respondents - builders and defenders. Jim Bird, Eric Johnson and Frank Kim a
Published: 2015-05-18 09:00 | Tags: testing information assurance disposal development maturity

Lightning OWASP Project Presentations at AppSec EU 2015

AppSec EU 2015 begins in two weeks. It is being held in Amsterdam at the Amsterdam RAI exhibition and conference centre. With the news yesterday that the number of conference attendee bookings has surpassed 400, together with the training, capture the flag competition, university challenge, application security hackathon, computer gaming, networking and organ
Published: 2015-05-09 22:15 | Tags: requirements SDLC testing development owasp projects appsece

Summary of Last Year's ICO Enforcement Action

PwC UK has published a summary of enforcement actions taken by the Information Commissioner's Office (ICO) in 2014. The Privacy and Security Enforcement Tracker 2014 summarises and comments on information originally published by the ICO on its web site concerning actions it has taken against organisations. This includes enforcement notices, monetary penalty n
Published: 2015-04-28 06:00 | Tags: administrative privacy corrective identity data protection t

London Insurance Markets and Cyber Risk Insurance

The UK government has published a report on the role of insurance markets in managing and mitigating cyber risk. UK Cyber Security: The Role of Insurance in Managing and Mitigating the Risk describes how insurance can be another mechanism for cyber risk reduction, encouraging steps to reduce risk through reduced premiums, and providing insight from claims an
Published: 2015-04-17 08:35 | Tags: administrative technical corrective physical insurance

Security of Public Communications Network and Service Providers

The European Union Agency for Network and Information Security (ENISA) has published guidance on what nations should take into account when evaluating the security compliance of public communications network and service providers. The requirements relate to Article 13a of the Framework Directive (2009/140/EC) and Article 4 of the e-Privacy Directive (2002/58/
Published: 2015-04-15 23:55 | Tags: detective technical threats operation corrective legislation

Participate in the OWASP Project Summit in Amsterdam

The Open Web Application Security Project (OWASP) is supporting a project summit during the two days prior to the main AppSec EU conference. A project summit on Tuesday 19th and Wednesday 20th May has been announced and information published on the AppSec EU 2015 web site. The concept of the summit is to work on improving and extending project outputs with ot
Published: 2015-03-31 15:30 | Tags: testing corrective operation maturity preventative technical

The Hard Problem of Securing Enterprise Applications

This paper about securing enterprise applications has been sitting in my email since November. I eventually got round to reading it and apologise for not highlighting it sooner. Vendor recommended security controls and compliance requirements leave huge gaps in application security. ... Most have no understanding of how the application platforms work, where s
Published: 2015-03-20 07:00 | Tags: detective ids technical threats defense monitoring correctiv

Payment Security and PCI DSS Compliance 2015

Verizon has published its annual PCI Compliance Report 2015 covering data up to the end of 2014, describing compliance, the sustainability of controls and ongoing risk management. PCI Compliance Report 2015 analyses information from PCI Data Security Standard (PCI DSS) assessments undertaken by Verizon between 2012 and 2014, together with additional data from
Published: 2015-03-17 15:00 | Tags: detective metrics technical PCIDSS validation maturity corre

Introduction to AppSensor for Developers

Following the recent v2.0 code release and promotion to flagship status there has been increased interest in the OWASP AppSensor Project concerning application-specific real-time attack detection and response. During the OWASP podcast interview with project co-leader John Melton, the idea of creating briefings for target groups was discussed by podcast host M
Published: 2015-03-06 06:40 | Tags: corrective administrative specification technical threats op

Register Today for OWASP AppSec EU 2015 in Amsterdam

The leading application security training and conference event is being held in Amsterdam from 19th to 22nd May 2015. Register today. OWASP AppSec EU 2015 is being held in the Amsterdam RAI Convention Centre just a single train stop from both Schiphol Airport in one direction, and central station in the other. AppSec EU 2015 comprises: One and two-day training
Published: 2015-02-27 16:20 | Tags: testing corrective operation maturity preventative technical

Software Assurance Maturity Model Practitioner Workshop

The OWASP Open Software Assurance Maturity Model (Open SAMM) team are holding a summit in Dublin at the end of March. As part of the two-day Open SAMM Summit 2015 a full day is being allocated to software assurance practitioners and those who want to learn about using the vendor-neutral and free Open SAMM to help measure, build and maintain security throughou
Published: 2015-02-21 02:50 | Tags: testing corrective standards maturity preventative technical

AppSensor Now A Flagship OWASP Project

I was extremely pleased at the release of the v2 AppSensor reference implementation in January. Now I am excited that the Open Web Application Security Project (OWASP) has elevated the project's status. The completely voluntary OWASP project task force, led by Johanna Curiel, has been working through a backlog of project reviews. Over the last couple of years
Published: 2015-02-17 04:00 | Tags: technical administrative preventative incidents threats oper

NIST SP 800-163 Vetting the Security of Mobile Applications

In the last of my run of three mobile app related posts, US standards body National Institute of Standards and Technology (NIST) has released Special Publication (SP) 800-163 Vetting the Security of Mobile Applications. SP 800-163 is for organisations that plan to implement a mobile app vetting process or consume app vetting results from other parties. It is
Published: 2015-02-10 14:40 | Tags: corrective administrative preventative technical threats SDL