Today, SANS and MITRE released their 2009 Top 25 Most Dangerous Programming Errors list. The 2009 CWE/SANS Top 25 Most Dangerous Programming Errors is a list of the most significant programming errors that can lead to serious software vulnerabilities. They occur frequently, are often easy to find, and easy to exploit. They are dangerous because [...]
McAfee Secure published the McAfee Secure Standard last month. It is a high level overview of what test for, to determine if they are “secure” or not. The McAfee SECURE™ standard is an aggregate of industry best practices, designed to provide a level of security that an online merchant can reasonably achieve to help provide [...]
The presentations from the recent India conference, ClubHack are now online. Hacking Client Side Insecurities by Aditya K Sood Immune IT: Moving from Security to Immunity by Ajit Hatti AntiSpam - Understanding the good, the bad and the ugly by Aseem Jakhar Reverse Engineering v/s Secure Coding by Atul Alex Network Vulnerability Assessments: Lessons Learned [...]
Happy new year from the Infosec Events team! Here are the information security events in North America this month: SCADA Security Scientific Symposium – Jan 21-22 in Orlando SANS Security West 2009 – Jan 24-Feb 1 in Las Vegas DoD Cyber Crime Conference 2009 – Jan 26-30 in St. Louis And remember to check out [...]
A few weeks ago, Cisco released their 2008 Annual Security Report. Registration is required to download the presentation. The Cisco Annual Security Report provides an overview of the combined security intelligence of the entire Cisco organization. The report encompasses threat information and trends collected between January and October 2008, and provides a snapshot of the [...]
Version 3 of the OWASP testing guide is now available! This project's goal is to create a "best practices" web application penetration testing framework which users can implement in their own organizations and a "low level" web application penetration testing guide that describes how to find certain issues. Thanks to all that put in the [...]
Last month we noted that the Black Hat Japan 2008 presentations were available, and today we noticed that the audio for those presentations are online as well at the Black Hat Japan 2008 archives. Below are links to the audio. Black Ops of DNS 2008: Its The End Of The Cache As We Know It [...]
Several presentations from the Australian security conference RUXCON are now online. Saturday Presentations Attacking Rich Internet Applications by Kuza55 and Stefano Di Paola GPU Powered Malware by Daniel Reynaud Attacking the Vista Heap by Ben Hawkes SCADA: Hacking Modbus Enabled Devices by Daniel Grzelak Enterprise Security, Softer than the foam on my Frappuccino by LUMC [...]
This post is part of the security training review project, and was guest blogged by Jim O’Gorman. This last summer I was given the opportunity to take the Offensive Security 101 course. I came across it on accident while looking for some training that I could do without travel and that was reasonably priced. When [...]
The Browser Security Handbook is now online for everyone to read. This document is meant to provide web application developers, browser engineers, and information security researchers with a one-stop reference to key security properties of contemporary web browsers. Insufficient understanding of these often poorly-documented characteristics is a major contributing factor to the prevalence of several [...]