Friday, February 27, 2015

5 Ways To Prepare For IoT Security Risks

As the Internet of Things begins to take shape, IT organizations must prepare for change.



via Dark Reading: http://ubm.io/1E30yLi

5 New Vulnerabilities Uncovered In SAP

Onapsis researchers find bugs in SAP BusinessObjects and SAP HANA.



via Dark Reading: http://ubm.io/1AfGldT

Black Hat Asia 2015: Target: Malware

Hostile software is ever evolving, and Black Hat-associated research is one of the key loci of information on monitoring, defending against, and nullifying it. With that in mind, today we'll preview a quartet of interesting malware-related Briefings from Black Hat Asia 2015.



via Dark Reading: http://ubm.io/1E30tY8

Jetty vulnerable to #heartbleed-type attacks http://bit.ly/1E31gbm #appsec #appsecfr #lk #owasp




from Twitter http://bit.ly/1m3TwNH



February 27, 2015 at 10:58AM

via IFTTT

Thursday, February 26, 2015

WebRTC requires Perfect Forward Secrecy (PFS) starting in Firefox 38

Today, we are announcing that Firefox 38 will take further measures to secure users’ communications by removing support in WebRTC for all DTLS cipher suites that do not support forward secrecy. For developers: if you have a WebRTC application or server that doesn’t support PFS ciphers, you will need to update your code. Forward secrecy, […]



via Mozilla Hacks - the Web developer blog http://mzl.la/1ESxYJJ

Using Google Cloud Platform for Security Scanning





via Google Online Security Blog http://bit.ly/1and6AQ

Google Expands Pwnium Year Round With Infinite Bounty





via Darknet - The Darkside http://bit.ly/1andGyC

What Every Tech Startup Should Know About Security, Privacy, and Compliance

Not everyone has what it takes to launch a successful tech startup. A compelling vision must propel the founder, fueled by unstoppable passion.



via SANS Information Security Reading Room http://bit.ly/1ESxi6W

12 characters, we keep telling you!!!!! : "Passwords that Pass the Test" http://bit.ly/1JPbuja #lk #appsecfr #appsec #owasp




from Twitter http://bit.ly/1m3TwNH



February 26, 2015 at 07:40AM


A flaw in the WordPress analytics plug-in





via Actualités securite http://bit.ly/1DcRwWI

The NSA director wants access to encrypted communications

Admiral Mike Rogers, director of the American secret services, said he wants to have legal access to encrypted communications when necessary.

via 01net. Les actualites Entreprise http://bit.ly/1DcRvCg

SIM cards: Gemalto downplays the alleged NSA hack

The Franco-Dutch manufacturer rules out a massive theft of encryption keys from its network by the NSA and GCHQ. It passes the hot potato to the operators and the phone suppliers.

via 01net. Les actualites Entreprise http://bit.ly/1EtAdFc

Data theft: amendment of Article 323-3 of the Penal Code

Law no. 2014-1353 of 13 November 2014, strengthening the provisions relating to the fight against terrorism, changes, through its Article 16, the wording of Article 323-3 of the Penal Code, making it possible to punish data theft without resorting to the legal classification of theft. Established by the so-called "Godfrain" law, […]



via Lexing Alain Bensoussan Avocats http://bit.ly/1ESoFJP

Tuesday, February 24, 2015

Introducing Cyber Risk Report 2015

The entire HP Security Research team is pleased to announce the release of our annual Cyber Risk Report, a recap of what mattered in 2014 and where we believe the infosecurity world is heading in 2015.






via HP Security Research Blog articles http://bit.ly/1DiasFX

A Two Factor Authentication Makeover for your Protection





from Security Architect http://bit.ly/1Di9ZUc


Monday, February 23, 2015

A nice vulnerability in #samba http://bit.ly/1w3ZFdv #appsec #appsecfr #lk #blog




from Twitter http://bit.ly/1m3TwNH



February 23, 2015 at 10:41PM


Google relaxes its disclosure rules for 0day flaws http://bit.ly/1Bgbe97 #appsec #appsecfr #security #blog #lk




from Twitter http://bit.ly/1m3TwNH



February 23, 2015 at 10:38PM


Gemalto does not admit to having been hacked by the NSA




from Twitter http://bit.ly/1m3TwNH



February 23, 2015 at 05:08PM


Superfish in a few tweets

Check whether or not your #lenovo is infected by #superfish http://bit.ly/1weSLHU #appsec #appsecfr #blog #lk




from Twitter http://bit.ly/1m3TwNH



February 23, 2015 at 07:03AM


100% of IoT are vulnerable http://bit.ly/1w0J5v2 #iot #appsec #appsecfr #lk #blog #security #securite




from Twitter http://bit.ly/1m3TwNH



February 23, 2015 at 06:56AM


Saturday, February 21, 2015

Coffee #fail

"Lenovo accused of infecting its own PCs. The SSL secure protocol is said to have been compromised. (20/02/2015)" http://bit.ly/1Ge6KOy #blog




from Twitter http://bit.ly/1m3TwNH



February 21, 2015 at 09:45AM


Why application security is critical

It's all in the sentence you see there.....

Trust in applications is critical in our economy today.
There isn't a single place without an application, and therefore without software....

Monday, February 16, 2015

OWASP SonarQube Project milestones update

Six months ago we started the OWASP SonarQube project with SonarSource. It's time to review our achievements.

  1. We (Advens and SonarSource) started the project for the Java language.
  2. We currently have approximately 40 rules tagged OWASP Top10 in the SonarQube plugins. See: http://jira.sonarsource.com/browse/RSPEC-2588?jql=labels%20%3D%20owasp-top10
  3. We are in the process of building a widget for making a dashboard in Sonar.
  4. We have presented the project at 2 conferences (http://fr.slideshare.net/Eagle42/analyser-la-scurit-de-son-code-source-avec-sonarsource) and another one is planned for the end of March.
  5. Last but not least, we NEED your feedback, the rules you want to implement, and more.

Any contributor is highly welcome to participate in this community effort, and participating is pretty easy:

  • Each idea for a potentially valuable new check should be sent to this project's mailing list.
  • Then some discussion might start to challenge the idea.
  • At the end of the discussion, a specification of the check is created in the following JIRA project by one of the leaders of this project: http://jira.sonarsource.com/browse/RSPEC.
  • To suggest a rule, send as much as possible from the following list:
    • description - What should be done/not done, and why
    • noncompliant code example in the language of your choice
    • remediation action - This can be as simple as "Don't do X."
