HackDig : Dig high-quality web security articles for hackers

NISTIR 8018 - Public Safety Mobile Application Security Requirements Works

The previously mentioned draft NIST Interagency Report (NISTIR) 8018 has now been released in final version. The public safety mobile application security effort focuses on improving the mobile application development process, specifically the mobile application testing tools, by understanding and collecting the security requirements relevant to the public saf
Published: 2015-01-27 23:15 | Tags: design SDLC development operation information assurance tech

London Cyber Security Summit for Startups

OWASP London Chapter is helping host next week's Cyber Startup Summit in conjunction with techUK, PixelPin and Sonatype. The primary focus of the Cyber Startup Summit is to promote innovation across cyber security. It intends to enable collaboration between enterprise security leaders, security startups, creative entrepreneurs, students and academics to discu
Published: 2015-01-21 20:40 | Tags: metrics operation awareness specification maturity SDLC deve

Moonpig Website Vulnerability, Incident and Breaches

Personalised greetings card service Moonpig was all over the popular news yesterday. Paul Price found an exploitable weakness in Moonpig's public API and contacted them in August 2013, and again a year later. Eventually he gave up and published details on Monday. Following much Twitter activity, yesterday Moonpig tweeted: We are aware of claims re customer data
Published: 2015-01-10 21:25 | Tags: technical development vulnerabilities preventative incidents

FTC Final Order Against Snapchat

Following a public comment period in May-June 2014, at the end of December the US consumer protection body, the Federal Trade Commission, approved a final order settling charges against Snapchat that lasts for twenty years. The charges related to how Snapchat deceived consumers about the automatic deletion of private images sent through the service. The key FTC
Published: 2015-01-10 21:25 | Tags: technical privacy retention administrative specification pol

SANS SWAT Checklist and Poster

The SANS Institute has published a poster called Securing Web Application Technologies (SWAT). SWAT 2014 (PDF) is a two-page large-format colourful poster combining a SWAT checklist with a What Works in Application Security chart. The SWAT checklist groups its suggested best practices into the following areas: authentication, session management, access control
Published: 2014-12-02 17:05 | Tags: testing corrective operation metrics maturity administrative

Game On at OWASP Cambridge and London

Next week I will be attending two free United Kingdom OWASP events, and providing a full talk at one of them. Cambridge: On Tuesday 2nd December, I will speak for the first time at OWASP Cambridge about OWASP Cornucopia, the ecommerce website security requirement card game. Jerome Smith will present a second talk about an SSL Checklist for Pentesters. Also at the
Published: 2014-11-28 18:25 | Tags: vulnerabilities specification technical threats SDLC develop

Two ENISA Reports on Cryptography

At the end of last week, the European Union Agency for Network and Information Security (ENISA) published two reports on the use of cryptography. Algorithms, Key Size and Parameters 2014 (PDF) provides guidance on appropriate cryptographic protective measures for the protection of personal data in online systems. The report defines primitives/schemes that can
Published: 2014-11-25 22:50 | Tags: privacy data protection technical standards guidelines preve

OWASP Snakes and Ladders

In a month's time we will probably be in full office party season. I have been preparing something fun to share and use, that is an awareness document for application security risks and controls. Snakes and Ladders is a popular board game, with ancient provenance, imported into Great Britain from Asia by the 19th century. The original game showed the effects o
Published: 2014-11-06 06:15 | Tags: preventative data protection code injection business logic p
