After the last conference, with more than 200 participants, a new edition of the OWASP conferences in Spain is being held. The event is an initiative of the Spanish chapter of OWASP, which aims to spread awareness of web application security and of the projects developed by the organization.
This new conference will be held on November 21 at the IL3 i...
No link because I'm posting this from my iPhone, but it looks like WordPress 2.6.3, the latest version, has a cross-site request forgery vulnerability. The way CSRF works: if you have your WP site open and are logged in, an attacker can use another web page that's open at the same time to perform actions on your blog, like deleting users. No word yet that I've seen about a fix. ...
The German OWASP section (Open Web Application Security Project) is hosting the first German conference later this month, on November 25, in Frankfurt am Main, so very close to us. Information such as the program, price and venue can be found on the conference page in the project's wiki. Contact can also be made via the mailing list....
SAFECode has released a short guide with a set of best practices for secure code development, drawing on some of the guidance advocated by other bodies, including OWASP itself. A must-read guide for anyone who does software development....
In my recent review of Kemp's new LoadMaster software, which includes web application firewall capabilities, Ofer Shezaf from breach.com had this to say in the comments section:
Systems supporting only Snort rules and lacking a positive security model are usually not considered a web application firewall but rather an intrusion prevention system.
Which is an interestin...
When verifying the security of authentication in a web application, several checkpoints have to be taken into account. Carrying out this kind of testing is more than running an automated tool and hoping to find vulnerabilities. This post will try to describe the process, both in detecting weaknesses and in identifying strengths. Since recent...
Clickjacking is a recently disclosed attack where users are fooled into unknowingly performing sensitive actions on external sites. It's been demonstrated in several videos. Although it's similar to cross-site request forgery, it can't be prevented using a secret token: all form submissions and link clicks look valid because the user is interacting with the actual ...
process coloring Post Source: www.unix.com Posted: Nov 07 2008 03:20:06
There is a game called de Blob that has a pretty simple concept: move a blob around a city, run into a puddle of paint, and you turn into that color or have that color mixed in with your current color. Then when you run into a building, that building assumes the same color. So you're spreading different colors throughout a city, resulting in buildings and blocks hued red orange...
Next week I will stay in Vienna to join DeepSec. Last year the conference was just amazing, and I'm also looking forward to visiting Metalab, one of my favorite hacker spaces. bef and I will have a talk about ActionScript 3 obfuscation/deobfuscation and other fun stuff with byte code. bef released a new version of erlswf which is capable of disassembling AS3 and returning this disassem...
The number of information security events in North America is finally slowing down. This month there are only two events going on:
Information Security Decisions Conference, November 5-6
CSI 2008, November 15-21
But there are a ton of other information security events around the world going on:
OWASP EU Summit 2008, November 4-7 in Portugal
Hackers to Hackers, November 6-9 in Bras...
It is next week already, from November 3 to 7, that the first OWASP summit will take place, and right here in our country. It will be an excellent opportunity to learn and to exchange experiences with some of the world's leading experts in security in application development, in particular of web applications and services.
As the person responsible for the Portuguese chapter of OWASP...
These are my links for October 20th through October 26th:
How to sync an iPhone with two or more computers (Shiny Things): this tutorial allows you to add music/videos/podcasts from multiple machines. If you just want to sync PIM (contacts/calendars etc.) on one machine and media on another, there's a simpler way. On the computer you want to sync contacts/calendar wit...
clickjacking Post Source: feeds.feedburner.com Posted: Oct 26 2008 16:29:59
At the last AppSec conference held by OWASP in New York, Jeremiah Grossman and Robert Hansen (aka RSnake) shook up the conference after the cancellation of the presentation in which they were going to show a proof of concept of a vulnerability that became known as clickjacking (click hijacking).
Basically, the vulnerability allows someone with malicious intent to include a but...
web security owasp Post Source: davypeleman.be Posted: Oct 24 2008 14:51:53
Earlier this week we had a meeting about security at work. Someone came to speak about securing websites. The presentation was mainly based on OWASP, an online community about security. It was a very interesting presentation that covered, among other things, the top 10 most common vulnerabilities:
1 Cross-site scripting (XSS)
2 Injection flaws
3 ...
Just in case you haven't noticed yet: on November the 25th the first OWASP Germany conference will take place in Frankfurt. It will be a one-day, mostly two-track event organized by the German chapter. The program looks pretty great. I am especially curious to see fukami's new talk. Furthermore (shameless plug), Jeremias and I will give a presentation on our XSS detection ...
This starts a series of posts leading up to my PDF talk at the next Belgian ISSA and OWASP chapter event. I'll be publishing a couple of my PDF tools.
Next video shows how I use my PDF parser to analyze a malicious PDF file and extract the shell code.
Searching for keyword javascript yields 2 indirect objects referencing JavaScript objects. The JavaScript is executed through a...
Take a look at all the videos and photos from the annual OWASP AppSec conference in New York City. As a vendor at this year's OWASP AppSec conference in New York City, I had a difficult time escaping booth duty to attend the many presentations on web application security. However, OWASP did a great job of compiling video footage of all the presentations. Here are a few of my...
It is a pleasure to announce a new event organized by the Spanish chapter: the IV OWASP Spain Chapter Meeting. Attendance is free. Because capacity is limited, everyone interested in attending must give advance notice by sending an email that includes the word "inscripción" in the subject line of the message.
On the other hand, the organization isc41...
The Open Web Application Security Project (OWASP) will organize, for the first time in Portugal, from November 4 to 7, the OWASP Summit EU Portugal 2008, one of its largest worldwide meetings.
This meeting will bring together specialists from around the world in the area of information security, in particular in the field of security in applications based on the we...
Feeds and posts are not affiliated with ://URLFAN. They are displayed here simply for informational purposes. If you would like to remove your feed, please contact us.