HackDig : Dig high-quality web security articles for hacker

Hackers Can’t Break This Style of Coding, Confirm Researchers

On April 7, 2014, the world first learned about the Heartbleed vulnerability. A small flaw in OpenSSL’s implementation of the TLS/DTLS (transport layer security protocols) heartbeat extension (RFC6520), Heartbleed enables an attacker to unravel the encryption measures in systems protected by vulnerable OpenSSL software, which some at the time estimated
Publish At:2016-09-26 14:50 | Read:1488 | Comments:0 | Tags:Cyber Security Featured Articles coding formal verification

AppSensor Guide v2.0.2

I have published an updated version of the OWASP AppSensor Guide, the guide to application-specific real time attack detection and response.The v2.0.2 AppSensor Guide is available free of charge digitally in DOC and PDF formats, and in print at cost from Lulu.This is a minor update that includes:Reference the extensive work on the reference code implementati
Publish At:2015-07-28 16:35 | Read:1856 | Comments:0 | Tags:testing development design threats technical specification m

Hosted Payment Pages, the Payment Services Directive and PCI DSS Validation & Reporting

Following the release of PCI DSS v3.0 in November 2013, both the PCI SSC and Visa Europe sought to clarify the validation and reporting requirements for the e-commerce payment channel.The guidance from the PCI SSC (May 2014) and guidance from Visa Europe (July 2014) made it clear that either a full redirect or iframe method containing a hosted payment page (
Publish At:2015-07-07 17:20 | Read:2065 | Comments:0 | Tags:awareness legislation PCIDSS design technical specification

Ecommerce and Financial Web Application Vulnerabilities

NCC Group has published some guidance for finance/e-commerce application penetration testers.Common Security Issues in Financially-Oriented Web Applications is arranged in the following sections:Time-of-Check-Time-of-Use (TOCTOU) and race condition issuesParameter manipulationReplay attacks (capture-replay)Rounding issuesNumerical processingCard number-relat
Publish At:2015-06-20 13:05 | Read:1523 | Comments:0 | Tags:testing development PCIDSS design threats technical specific

AppSensor Code Version 2.1 and Beyond

Last Tuesday John Melton completed and announced the release of the AppSensor version 2.1.0 reference implementation.OWASP AppSensor project defines a conceptual framework and methodology that offers prescriptive guidance to implement application intrusion detection and automated response. The reference implementation allows developers to use these powerful
Publish At:2015-06-15 13:30 | Read:1612 | Comments:0 | Tags:development design threats technical specification monitorin

Opinion on Data Protection in Mobile Health

The European Data Protection Supervisor (EDPS), responsible for protecting personal data and privacy and promoting good practice in the EU institutions and bodies, has published an opinion on Mobile Health.Opinion 1/2015 Mobile Health (mHealth) discusses the opportunities and potential benefits of the convergence of IT and the health sector, especially the u
Publish At:2015-06-02 19:55 | Read:1408 | Comments:0 | Tags:legislation administrative design technical privacy specific

SANS 2015 State of Application Security

The SANS Institute has published this year's survey results about application security programmes.In a change to last year's report the authors of 2015 State of Application Security: Closing theGap have identified and broken down their analysis and reporting into two groups of survey respondents - builders and defenders.Jim Bird, Eric Johnson and Frank Kim a
Publish At:2015-05-18 09:00 | Read:1822 | Comments:0 | Tags:testing information assurance disposal development maturity

Lightning OWASP Project Presentations at AppSec EU 2015

AppSec EU 2015 begins in two weeks. It is being held in Amsterdam at the Amsterdam RAI exhibition and conference centre.With the news yesterday that the number of conference attendee bookings has surpassed 400, together with the training, capture the flag competition, university challenge, application security hackathon, computer gaming, networking and organ
Publish At:2015-05-09 22:15 | Read:2028 | Comments:0 | Tags:requirements SDLC testing development owasp projects appsece

AppSensor CISO Briefing

Following the release of the Introduction for Developers in February, the OWASP AppSensor team has now created and published a new document aimed at Chief Information Security Officers (CISOs) and others with similar responsibilities.The CISO Briefing is a high-level overview, with pointers to the more detailed resources for specifiers, architects, developer
Publish At:2015-04-24 20:20 | Read:2200 | Comments:0 | Tags:incidents logging operation automation specification technic

Participate in the OWASP Project Summit in Amsterdam

The Open Web Application Security Project (OWASP) is supporting a project summit during the two days prior to the main AppSec EU conference.A project summit on Tuesday 19th and Wednesday 20th May has been announced and information published on the AppSec EU 2015 web site. The concept of the summit is to work on improving and extending project outputs with ot
Publish At:2015-03-31 15:30 | Read:1887 | Comments:0 | Tags:testing corrective operation maturity preventative technical

Introduction to AppSensor for Developers

Following the recent v2.0 code release and promotion to flagship status there has been increased interest in the OWASP AppSensor Project concerning application-specific real-time attack detection and response.During the OWASP podcast interview with project co-leader John Melton, the idea of creating briefings for target groups was discussed by podcast host M
Publish At:2015-03-06 06:40 | Read:3090 | Comments:0 | Tags:corrective administrative specification technical threats op

User Interface Modifications to Combat Buyer Fraud

A paper published for the 2015 Network and Distributed System Security (NDSS) Symposium in February describes user interface modification techniques to address liar buyer fraud, and the results of experiments assessing the potential for these to reduce ecommerce fraud losses.Liar Buyer Fraud, and How to Curb It authors Markus Jakobsson, Hossein Siadati and M
Publish At:2015-03-03 14:50 | Read:1409 | Comments:0 | Tags:defense administrative preventative threats operation awaren

Register Today for OWASP AppSec EU 2015 in Amsterdam

The leading application security training and conference event is being held in Amsterdam from 19th to 22nd May 2015. Register today.OWASP AppSec EU 2015 is being held in the Amsterdam RAI Convention Centre just a single train stop from both Schiphol Airport in one direction, and central station in the other.AppSec EU 2015 comprises:One and two-day training
Publish At:2015-02-27 16:20 | Read:1777 | Comments:0 | Tags:testing corrective operation maturity preventative technical

Software Assurance Maturity Model Practitioner Workshop

The OWASP Open Software Assurance Maturity Model (Open SAMM) team are holding a summit in Dublin at the end of March.As part of the two-day Open SAMM Summit 2015 a full day is being allocated to software assurance practitioners and those who want to learn about using the vendor-neutral and free Open SAMM to help measure, build and maintain security throughou
Publish At:2015-02-21 02:50 | Read:2083 | Comments:0 | Tags:testing corrective standards maturity preventative technical

AppSensor Now A Flagship OWASP Project

I was extremely pleased at the release of the v2 AppSensor reference implementation inJanuary. Now I am excited that the Open Web Application Security Project (OWASP) has elevated the project's status.The completely voluntary OWASP project task force, led by Johanna Curiel, has been working through a backlog of project reviews. Over the last couple of years
Publish At:2015-02-17 04:00 | Read:1684 | Comments:0 | Tags:technical administrative preventative incidents threats oper

Announce

Share high-quality web security related articles with you:)

Tools

Tag Cloud