Mais Encore


Monday, 7 June 2010

OWASP ModSecurity Core Rule Set

OWASP ModSecurity Core Rule Set: "Hello OWASP Leaders. I wanted to let you all know that a new version of the OWASP ModSecurity Core Rule Set (CRS) is now available (v2.0.7)."

(Via Jeff Williams Blog.)


Wednesday, 2 June 2010

Inline Detection of Evil JavaScript

Inline Detection of Evil JavaScript: "Exploit kits are a much more common threat on the web than they used to be. In order to evade detection, the kits frequently contain logic to obfuscate, or hide, the meaning behind the content that they serve to the victim. Additionally, with each visit to the exploit page, the obfuscation techniques will differ slightly so that static content signatures will be unable to detect the threat. Other threats contain obfuscated JavaScript (JS) which sets up the page to exploit a vulnerability and launch a payload (for example, 'spraying' the heap with shellcode). Still other threats inject obfuscated JS into legitimate sites, which after decoding embeds a hidden (0-pixel) IFrame to malicious content. As we have seen in the past, the JS encodings vary greatly with each incident, and many instances are encoded multiple times and may contain non-standard JS (reference past blog posts, such as

(Via Zscaler Research blog.)


Monday, 31 May 2010

Now available: Microsoft SDL version 5

Now available: Microsoft SDL version 5: "Jeremy Dallman here to announce that we are releasing the latest version of the Microsoft Security Development Lifecycle process guidance – Version 5 (SDLv5)."

(Via Microsoft SDL blog.)


Sunday, 30 May 2010

OWASP AppSec Research 2010

OWASP AppSec Research 2010: "It's time to create a digital storm and invite the world to OWASP AppSec Research 2010 this summer. We have a fabulous program and will celebrate with a gala dinner at Stockholm City Hall (http://international.stockholm.se/Tourism-and-history/The-Famous-City-Hall/Events-and-receptions/Rent-the-Halls)."

(Via OWASP Blog.)


The OWASP Top Ten and ESAPI – Part 6 – Cross Site Request Forgery (CSRF)

The OWASP Top Ten and ESAPI – Part 6 – Cross Site Request Forgery (CSRF): "This article will describe how to protect your J2EE application from Cross Site Request Forgery (CSRF/XSRF) attacks using ESAPI. As with all of the detail articles in this series, if you need a refresher on OWASP or ESAPI, please see the intro article The OWASP Top Ten and ESAPI."

(Via John Melton Blog.)

Announcing the MSF-Agile+SDL Process Template for TFS 2010 - The Security Development Lifecycle - Site Home - MSDN Blogs


(Via Microsoft SDL Blog, http://blogs.msdn.com/b/sdl/.)

Static Analysis Worst Practices


(Via James McGovern Blog.)

New category

Added a new category to share with you my good (and less good?) links on application security.
A small equivalent of my Twitter RTs, even if some links are not necessarily on Twitter.

Denim Group, Ltd.: OWASP San Antonio Slides for OpenSAMM Presentation Online



Metasploit Class Videos  (Hacking Illustrated Series InfoSec Tutorial Videos)
