HackDig : Dig high-quality web security articles for hacker

HTTP Strict Transport Security (HSTS) Preload Lists

There is a growing wave of websites and other web applications that are now moving to be TSL-only (transport layer security only, aka SSL-only).Apart from the web site being browsed using "https", the server can also send a policy instruction in the form of a HTTP Strict Transport Security (HSTS) header. There are of course considerations for HSTS
Publish At:2015-07-07 17:20 | Read:2792 | Comments:0 | Tags:administrative SSL preventative technical operation policies

FCA Guidance on Financial Crime

The UK's Financial Conduct Authority (FCA) has published updated guidance on reducing the risk of financial crime.Financial Crime: A Guide for Firms Part 1: A Firm's Guide to Preventing Financial Crime provides information to regulated firms on how to avoid financial crime. But many of the topics and guidance will be of use to a wider audience. The document
Publish At:2015-05-28 05:05 | Read:3045 | Comments:0 | Tags:requirements legislation physical administrative preventativ

SANS 2015 State of Application Security

The SANS Institute has published this year's survey results about application security programmes.In a change to last year's report the authors of 2015 State of Application Security: Closing theGap have identified and broken down their analysis and reporting into two groups of survey respondents - builders and defenders.Jim Bird, Eric Johnson and Frank Kim a
Publish At:2015-05-18 09:00 | Read:3082 | Comments:0 | Tags:testing information assurance disposal development maturity

Lightning OWASP Project Presentations at AppSec EU 2015

AppSec EU 2015 begins in two weeks. It is being held in Amsterdam at the Amsterdam RAI exhibition and conference centre.With the news yesterday that the number of conference attendee bookings has surpassed 400, together with the training, capture the flag competition, university challenge, application security hackathon, computer gaming, networking and organ
Publish At:2015-05-09 22:15 | Read:3720 | Comments:0 | Tags:requirements SDLC testing development owasp projects appsece

PCI DSS v3.1 for Ecommerce Payments

Lots happening this week. The Payment Card Industry Security Standard Council (PCI SSC) has announced the release of an update to the PCI Data Security Standard (PCI DSS).PCI DSS v3.1 (15 April 2015), includes several changes to reflect changing threats and recently discovered vulnerabilities, but also including some clarifications and additional guidance.Th
Publish At:2015-04-16 15:55 | Read:2259 | Comments:0 | Tags:technical SSL threats PCIDSS monitoring preventative

Security of Public Communications Network and Service Providers

The European Union Agency for Network and Information Security (ENISA) has published guidance on what nations should take into account when evaluating the security compliance of public communications network and service providers.The requirements relate to Article 13a of the Framework Directive (2009/140/EC) and Article 4 of the e-Privacy Directive (2002/58/
Publish At:2015-04-15 23:55 | Read:2276 | Comments:0 | Tags:detective technical threats operation corrective legislation

Participate in the OWASP Project Summit in Amsterdam

The Open Web Application Security Project (OWASP) is supporting a project summit during the two days prior to the main AppSec EU conference.A project summit on Tuesday 19th and Wednesday 20th May has been announced and information published on the AppSec EU 2015 web site. The concept of the summit is to work on improving and extending project outputs with ot
Publish At:2015-03-31 15:30 | Read:3507 | Comments:0 | Tags:testing corrective operation maturity preventative technical

The Hard Problem of Securing Enterprise Applications

This paper about securing enterprise applications has been sitting in my email since November. I eventually got round to reading it and apologise for not highlighting it sooner.Vendor recommended security controls and compliance requirements leave huge gaps in application security. ... Most have no understanding of how the application platforms work, where s
Publish At:2015-03-20 07:00 | Read:2901 | Comments:0 | Tags:detective ids technical threats defense monitoring correctiv

Payment Security and PCI DSS Compliance 2015

Verizon has published its annual PCI Compliance Report 2015 covering data up to the end of 2014, describing compliance, the sustainability of controls and ongoing risk management.PCI Compliance Report 2015 analyses information from PCI Data Security Standard (PCI DSS) assessments undertaken by Verizon between 2012 and 2014, together with additional data from
Publish At:2015-03-17 15:00 | Read:2834 | Comments:0 | Tags:detective metrics technical PCIDSS validation maturity corre

User Interface Modifications to Combat Buyer Fraud

A paper published for the 2015 Network and Distributed System Security (NDSS) Symposium in February describes user interface modification techniques to address liar buyer fraud, and the results of experiments assessing the potential for these to reduce ecommerce fraud losses.Liar Buyer Fraud, and How to Curb It authors Markus Jakobsson, Hossein Siadati and M
Publish At:2015-03-03 14:50 | Read:2476 | Comments:0 | Tags:defense administrative preventative threats operation awaren

Register Today for OWASP AppSec EU 2015 in Amsterdam

The leading application security training and conference event is being held in Amsterdam from 19th to 22nd May 2015. Register today.OWASP AppSec EU 2015 is being held in the Amsterdam RAI Convention Centre just a single train stop from both Schiphol Airport in one direction, and central station in the other.AppSec EU 2015 comprises:One and two-day training
Publish At:2015-02-27 16:20 | Read:2723 | Comments:0 | Tags:testing corrective operation maturity preventative technical

Software Assurance Maturity Model Practitioner Workshop

The OWASP Open Software Assurance Maturity Model (Open SAMM) team are holding a summit in Dublin at the end of March.As part of the two-day Open SAMM Summit 2015 a full day is being allocated to software assurance practitioners and those who want to learn about using the vendor-neutral and free Open SAMM to help measure, build and maintain security throughou
Publish At:2015-02-21 02:50 | Read:3390 | Comments:0 | Tags:testing corrective standards maturity preventative technical

AppSensor Now A Flagship OWASP Project

I was extremely pleased at the release of the v2 AppSensor reference implementation inJanuary. Now I am excited that the Open Web Application Security Project (OWASP) has elevated the project's status.The completely voluntary OWASP project task force, led by Johanna Curiel, has been working through a backlog of project reviews. Over the last couple of years
Publish At:2015-02-17 04:00 | Read:3030 | Comments:0 | Tags:technical administrative preventative incidents threats oper

NIST SP 800-163 Vetting the Security of Mobile Applications

In the last of my run of three mobile app related posts, US standards body National Institute of Standards and Technology (NIST) has released Special Publication (SP) 800-163 Vetting the Security of Mobile Applications.SP 800-163 is for organisations that plan to implement a mobile app vetting process or consume app vetting results from other parties. It is
Publish At:2015-02-10 14:40 | Read:2768 | Comments:0 | Tags:corrective administrative preventative technical threats SDL

OWASP AppSensor Code v2.0.0 Final Release

I was extremely pleased to read yesterday that the final version of the new AppSensor reference implementation has been published following three previous release candidates.The OWASP AppSensor project defines a conceptual framework and methodology that offers prescriptive guidance to implement application intrusion detection and automated response.John Melt
Publish At:2015-01-30 16:15 | Read:2774 | Comments:0 | Tags:logging automation ids technical threats operation developme

Announce

Share high-quality web security related articles with you:)

Tools

Tag Cloud