HackDig : Dig high-quality web security articles for hackers

FCA Guidance on Financial Crime

The UK's Financial Conduct Authority (FCA) has published updated guidance on reducing the risk of financial crime. Financial Crime: A Guide for Firms Part 1: A Firm's Guide to Preventing Financial Crime provides information to regulated firms on how to avoid financial crime. But many of the topics and guidance will be of use to a wider audience. The document
Publish At:2015-05-28 05:05 | Read:3682 | Comments:0 | Tags:requirements legislation physical administrative preventativ

Lightning OWASP Project Presentations at AppSec EU 2015

AppSec EU 2015 begins in two weeks. It is being held in Amsterdam at the Amsterdam RAI exhibition and conference centre. With the news yesterday that the number of conference attendee bookings has surpassed 400, together with the training, capture the flag competition, university challenge, application security hackathon, computer gaming, networking and organ
Publish At:2015-05-09 22:15 | Read:4671 | Comments:0 | Tags:requirements SDLC testing development owasp projects appsece

Snakes & Ladders Coming To Shoreditch

A week on Monday, on the 11th May, I will be speaking during the MAKE day at this year's Digital Shoreditch. The Digital Shoreditch Festival 2015 is a two week mass-community celebration with participants from the world of tech, creative, and all related industries, running from 11th to 24th May. The schedule for the main programme (11th-15th May) has a separ
Publish At:2015-05-01 16:30 | Read:3668 | Comments:0 | Tags:vulnerabilities design technical threats testing requirement

CMA Consultations on Consumer Data

The UK Competition and Markets Authority (CMA) has two current related consultations. Data Sharing and Open Data in Banking: Following the publication of the report Data Sharing and Open Data for Banks in December 2014 which examined how financial technology firms can make better use of bank data on behalf of customers through application programming interfaces
Publish At:2015-02-02 20:10 | Read:3082 | Comments:0 | Tags:administrative technical threats requirements data protectio

Moonpig Website Vulnerability, Incident and Breaches

Personalised greetings card service Moonpig was all over the popular news yesterday. Paul Price found an exploitable weakness in Moonpig's public API and contacted them in August 2013, and again a year later. Eventually he gave up and published details on Monday. Following much Twitter activity, yesterday Moonpig tweeted: We are aware of claims re customer data
Publish At:2015-01-10 21:25 | Read:5175 | Comments:0 | Tags:technical development vulnerabilities preventative incidents

FTC Final Order Against Snapchat

Following a public comment period in May-June 2014, at the end of December the US consumer protection body Federal Trade Commission has approved a final order settling charges against Snapchat that lasts for twenty years. The charges related to how Snapchat deceived consumers about the automatic deletion of private images sent through the service. The key FTC
Publish At:2015-01-10 21:25 | Read:3324 | Comments:0 | Tags:technical privacy retention administrative specification pol

Game On at OWASP Cambridge and London

Next week I will be attending two free United Kingdom OWASP events, and providing a full talk at one of them. Cambridge: On Tuesday 2nd December, I will speak for the first time at OWASP Cambridge about OWASP Cornucopia, the ecommerce website security requirement card game. Jerome Smith will present a second talk about a SSL Checklist for Pentesters. Also at the
Publish At:2014-11-28 18:25 | Read:4316 | Comments:0 | Tags:vulnerabilities specification technical threats SDLC develop

Payment Checkout Flaws and Bugs

The announcement last week by researchers from Newcastle University about a problem with Visa's contactless cards reminded me to mention again common issues with checkout and payment functions in web and mobile applications. The Visa fault relates to not enforcing the same limits on transactions when using foreign currencies. The paper is being presented this
Publish At:2014-11-06 06:15 | Read:4246 | Comments:0 | Tags:PADSS mobile technical vulnerabilities data protection priva

OWASP Snakes and Ladders

In a month's time we will probably be in full office party season. I have been preparing something fun to share and use, that is an awareness document for application security risks and controls. Snakes and Ladders is a popular board game, with ancient provenance imported into Great Britain from Asia by the 19th century. The original game showed the effects o
Publish At:2014-11-06 06:15 | Read:5134 | Comments:0 | Tags:preventative data protection code injection business logic p

