HackDig : Dig high-quality web security articles for hacker

SANS 2015 State of Application Security

The SANS Institute has published this year's survey results about application security programmes. In a change to last year's report the authors of 2015 State of Application Security: Closing the Gap have identified and broken down their analysis and reporting into two groups of survey respondents - builders and defenders. Jim Bird, Eric Johnson and Frank Kim a
Published: 2015-05-18 09:00 | Read: 3233 | Comments: 0 | Tags: testing information assurance disposal development maturity

Penetration Testing Guidance for PCI DSS

The Payment Card Industry (PCI) Security Standards Council (PCI SSC) has published another information supplement for PCI Data Security Standard (PCI DSS), this time on penetration testing. It would appear there has been a large variability in penetration tests being undertaken for PCI DSS. Information Supplement: Penetration Testing Guidance, v1 March 2015,
Published: 2015-04-07 07:45 | Read: 2407 | Comments: 0 | Tags: vulnerabilities information assurance technical threats oper

Participate in the OWASP Project Summit in Amsterdam

The Open Web Application Security Project (OWASP) is supporting a project summit during the two days prior to the main AppSec EU conference. A project summit on Tuesday 19th and Wednesday 20th May has been announced and information published on the AppSec EU 2015 web site. The concept of the summit is to work on improving and extending project outputs with ot
Published: 2015-03-31 15:30 | Read: 3759 | Comments: 0 | Tags: testing corrective operation maturity preventative technical

Financial Conduct Authority Update March 2015

The UK's Financial Conduct Authority (FCA) is becoming more proactive in the online application space. Following last year's consultation on use of social media, the FCA has completed its review and has now confirmed its approach for financial promotions in social media. The finalised guidance has been published as FG15/4 - Social Media and Customer Communicat
Published: 2015-03-27 15:25 | Read: 2918 | Comments: 0 | Tags: administrative information assurance technical threats opera

Register Today for OWASP AppSec EU 2015 in Amsterdam

The leading application security training and conference event is being held in Amsterdam from 19th to 22nd May 2015. Register today. OWASP AppSec EU 2015 is being held in the Amsterdam RAI Convention Centre just a single train stop from both Schiphol Airport in one direction, and central station in the other. AppSec EU 2015 comprises: One and two-day training
Published: 2015-02-27 16:20 | Read: 2885 | Comments: 0 | Tags: testing corrective operation maturity preventative technical

Software Assurance Maturity Model Practitioner Workshop

The OWASP Open Software Assurance Maturity Model (Open SAMM) team are holding a summit in Dublin at the end of March. As part of the two-day Open SAMM Summit 2015 a full day is being allocated to software assurance practitioners and those who want to learn about using the vendor-neutral and free Open SAMM to help measure, build and maintain security throughou
Published: 2015-02-21 02:50 | Read: 3677 | Comments: 0 | Tags: testing corrective standards maturity preventative technical

NIST SP 800-163 Vetting the Security of Mobile Applications

In the last of my run of three mobile app related posts, US standards body National Institute of Standards and Technology (NIST) has released Special Publication (SP) 800-163 Vetting the Security of Mobile Applications. SP 800-163 is for organisations that plan to implement a mobile app vetting process or consume app vetting results from other parties. It is
Published: 2015-02-10 14:40 | Read: 2981 | Comments: 0 | Tags: corrective administrative preventative technical threats SDL

NISTIR 8018 - Public Safety Mobile Application Security Requirements Works

The previously mentioned draft NIST Interagency Report (NISTIR) 8018 has now been released in final version. The public safety mobile application security effort focuses on improving the mobile application development process, specifically the mobile application testing tools, by understanding and collecting the security requirements relevant to the public saf
Published: 2015-01-27 23:15 | Read: 2587 | Comments: 0 | Tags: design SDLC development operation information assurance tech

London Cyber Security Summit for Startups

OWASP London Chapter is helping host next week's Cyber Startup Summit in conjunction with techUK, PixelPin and Sonatype. The primary focus of the Cyber Startup Summit is to promote innovation across cyber security. It intends to enable collaboration between enterprise security leaders, security startups, creative entrepreneurs, students and academics to discu
Published: 2015-01-21 20:40 | Read: 2694 | Comments: 0 | Tags: metrics operation awareness specification maturity SDLC deve

Moonpig Website Vulnerability, Incident and Breaches

Personalised greetings card service Moonpig was all over the popular news yesterday. Paul Price found an exploitable weakness in Moonpig's public API and contacted them in August 2013, and again a year later. Eventually he gave up and published details on Monday. Following much Twitter activity, yesterday Moonpig tweeted: We are aware of claims re customer data
Published: 2015-01-10 21:25 | Read: 4728 | Comments: 0 | Tags: technical development vulnerabilities preventative incidents

SANS SWAT Checklist and Poster

The SANS Institute has published a poster called Securing Web Application Technologies (SWAT). SWAT 2014 (PDF) is a two-page large-format colourful poster combining a SWAT checklist with a What Works in Application Security chart. The SWAT checklist groups its suggested best practices into the following areas: authentication, session management, access control
Published: 2014-12-02 17:05 | Read: 5531 | Comments: 0 | Tags: testing corrective operation metrics maturity administrative

OWASP Snakes and Ladders

In a month's time we will probably be in full office party season. I have been preparing something fun to share and use, that is an awareness document for application security risks and controls. Snakes and Ladders is a popular board game, with ancient provenance imported into Great Britain from Asia by the 19th century. The original game showed the effects o
Published: 2014-11-06 06:15 | Read: 4539 | Comments: 0 | Tags: preventative data protection code injection business logic p

Application Security and Privacy Mapping 2014

The chart detailing the most important guidance, standards, legislation and organisations that can influence mobile and web application development security and privacy in the UK has been comprehensively updated. Principal Influences on UK Applications is managed by me and published on my company's web site as a mind map diagram and text tree, together with a
Published: 2014-10-11 10:45 | Read: 3945 | Comments: 0 | Tags: policies standards legislation administrative information as

Request to Participate in the OWASP CISO Survey 2014

The OWASP CISO Survey Report was published in January 2014. OWASP is again conducting the survey among senior information security leaders and managers and needs your help. The results will be published in the OWASP CISO Report 2014 which will be free to access and use. The project team has asked if we can share this invitation with security contacts in com
Published: 2014-10-07 19:50 | Read: 3169 | Comments: 0 | Tags: corrective administrative maturity technical SDLC informatio
