HackDig : Dig high-quality web security articles for hacker

AppSensor Guide v2.0.2

I have published an updated version of the OWASP AppSensor Guide, the guide to application-specific real-time attack detection and response. The v2.0.2 AppSensor Guide is available free of charge digitally in DOC and PDF formats, and in print at cost from Lulu. This is a minor update that includes: Reference the extensive work on the reference code implementati
Publish At:2015-07-28 16:35 | Read:1856 | Comments:0 | Tags:testing development design threats technical specification m

Web Application Firewall Magic Quadrant 2015

Gartner has published an updated "magic quadrant" report about Web Application Firewall (WAF) vendors. Sixteen vendor offerings are assessed. To be included, the product has to be actively marketed, use techniques designed for web security, and not just use the attack signature-based approach found in other devices such as next-generation firewalls and
Publish At:2015-07-21 09:15 | Read:2373 | Comments:0 | Tags:threats technical firewalls corrective detective operation

HTTP Strict Transport Security (HSTS) Preload Lists

There is a growing wave of websites and other web applications that are now moving to be TLS-only (transport layer security only, aka SSL-only). Apart from the web site being browsed using "https", the server can also send a policy instruction in the form of an HTTP Strict Transport Security (HSTS) header. There are of course considerations for HSTS
Publish At:2015-07-07 17:20 | Read:1506 | Comments:0 | Tags:administrative SSL preventative technical operation policies

Hosted Payment Pages, the Payment Services Directive and PCI DSS Validation & Reporting

Following the release of PCI DSS v3.0 in November 2013, both the PCI SSC and Visa Europe sought to clarify the validation and reporting requirements for the e-commerce payment channel. The guidance from the PCI SSC (May 2014) and guidance from Visa Europe (July 2014) made it clear that either a full redirect or iframe method containing a hosted payment page (
Publish At:2015-07-07 17:20 | Read:2065 | Comments:0 | Tags:awareness legislation PCIDSS design technical specification

AppSensor Code Version 2.1 and Beyond

Last Tuesday John Melton completed and announced the release of the AppSensor version 2.1.0 reference implementation. The OWASP AppSensor project defines a conceptual framework and methodology that offers prescriptive guidance to implement application intrusion detection and automated response. The reference implementation allows developers to use these powerful
Publish At:2015-06-15 13:30 | Read:1612 | Comments:0 | Tags:development design threats technical specification monitorin

FCA Guidance on Financial Crime

The UK's Financial Conduct Authority (FCA) has published updated guidance on reducing the risk of financial crime. Financial Crime: A Guide for Firms Part 1: A Firm's Guide to Preventing Financial Crime provides information to regulated firms on how to avoid financial crime. But many of the topics and guidance will be of use to a wider audience. The document
Publish At:2015-05-28 05:05 | Read:2195 | Comments:0 | Tags:requirements legislation physical administrative preventativ

SANS 2015 State of Application Security

The SANS Institute has published this year's survey results about application security programmes. In a change to last year's report, the authors of 2015 State of Application Security: Closing the Gap have identified and broken down their analysis and reporting into two groups of survey respondents - builders and defenders. Jim Bird, Eric Johnson and Frank Kim a
Publish At:2015-05-18 09:00 | Read:1822 | Comments:0 | Tags:testing information assurance disposal development maturity

Lightning OWASP Project Presentations at AppSec EU 2015

AppSec EU 2015 begins in two weeks. It is being held in Amsterdam at the Amsterdam RAI exhibition and conference centre. With the news yesterday that the number of conference attendee bookings has surpassed 400, together with the training, capture the flag competition, university challenge, application security hackathon, computer gaming, networking and organ
Publish At:2015-05-09 22:15 | Read:2028 | Comments:0 | Tags:requirements SDLC testing development owasp projects appsece

AppSensor CISO Briefing

Following the release of the Introduction for Developers in February, the OWASP AppSensor team has now created and published a new document aimed at Chief Information Security Officers (CISOs) and others with similar responsibilities. The CISO Briefing is a high-level overview, with pointers to the more detailed resources for specifiers, architects, developer
Publish At:2015-04-24 20:20 | Read:2200 | Comments:0 | Tags:incidents logging operation automation specification technic

Data Breach Investigations Report 2015

The Verizon annual Data Breach Investigations Report was published last week. The Data Breach Investigations Report (DBIR) summarises findings from the collection and analysis of almost 80,000 security incidents relating to over 2,000 confirmed data breaches, sourced from 70 contributing organisations. A breakdown by industry sector is provided. The 2015 DBIR
Publish At:2015-04-21 10:35 | Read:2037 | Comments:0 | Tags:vulnerabilities administrative incidents threats operation t

Security of Public Communications Network and Service Providers

The European Union Agency for Network and Information Security (ENISA) has published guidance on what nations should take into account when evaluating the security compliance of public communications network and service providers. The requirements relate to Article 13a of the Framework Directive (2009/140/EC) and Article 4 of the e-Privacy Directive (2002/58/
Publish At:2015-04-15 23:55 | Read:1536 | Comments:0 | Tags:detective technical threats operation corrective legislation

Remote Banking Fraud Up, Card Fraud Up

The Financial Fraud Action UK (FFA UK) has published its latest figures about financial fraud in the UK. E-commerce card fraud losses increased from £190.1m in 2013 to £217.4m in 2014 — a 14 per cent rise. In a news release published at the end of March, the FFA UK states the increase is primarily due to a change in tactic by fraudsters who are deceiving custom
Publish At:2015-04-14 15:55 | Read:1852 | Comments:0 | Tags:defense metrics incidents PCIDSS operation

Penetration Testing Guidance for PCI DSS

The Payment Card Industry (PCI) Security Standards Council (PCI SSC) has published another information supplement for the PCI Data Security Standard (PCI DSS), this time on penetration testing. It would appear there has been a large variability in penetration tests being undertaken for PCI DSS. Information Supplement: Penetration Testing Guidance, v1 March 2015,
Publish At:2015-04-07 07:45 | Read:1105 | Comments:0 | Tags:vulnerabilities information assurance technical threats oper

Participate in the OWASP Project Summit in Amsterdam

The Open Web Application Security Project (OWASP) is supporting a project summit during the two days prior to the main AppSec EU conference. A project summit on Tuesday 19th and Wednesday 20th May has been announced and information published on the AppSec EU 2015 web site. The concept of the summit is to work on improving and extending project outputs with ot
Publish At:2015-03-31 15:30 | Read:1887 | Comments:0 | Tags:testing corrective operation maturity preventative technical

Financial Conduct Authority Update March 2015

The UK's Financial Conduct Authority (FCA) is becoming more proactive in the online application space. Following last year's consultation on use of social media, the FCA has completed its review and has now confirmed its approach for financial promotions in social media. The finalised guidance has been published as FG15/4 - Social Media and Customer Communicat
Publish At:2015-03-27 15:25 | Read:2020 | Comments:0 | Tags:administrative information assurance technical threats opera