Blog


2009 CWE/SANS Top 25 Most Dangerous Programming Errors

Today, SANS and MITRE released their 2009 Top 25 Most Dangerous Programming Errors list. The 2009 CWE/SANS Top 25 Most Dangerous Programming Errors is a list of the most significant programming errors that can lead to serious software vulnerabilities. They occur frequently, are often easy to find, and easy to exploit. They are dangerous because [...]

January 12th, 2009 | Security Vulnerabilities | 0 Comments

McAfee Security Standard

McAfee Secure published the McAfee Secure Standard last month. It is a high-level overview of what they test for, to determine if they are “secure” or not. The McAfee SECURE™ standard is an aggregate of industry best practices, designed to provide a level of security that an online merchant can reasonably achieve to help provide [...]

January 8th, 2009 | Vendor News | 0 Comments

ClubHack 2008 Presentations

The presentations from the recent India conference, ClubHack, are now online: Hacking Client Side Insecurities by Aditya K Sood; Immune IT: Moving from Security to Immunity by Ajit Hatti; AntiSpam - Understanding the good, the bad and the ugly by Aseem Jakhar; Reverse Engineering v/s Secure Coding by Atul Alex; Network Vulnerability Assessments: Lessons Learned [...]

January 5th, 2009 | Security Conferences | 0 Comments

Cisco 2008 Annual Security Report

A few weeks ago, Cisco released their 2008 Annual Security Report. Registration is required to download the presentation. The Cisco Annual Security Report provides an overview of the combined security intelligence of the entire Cisco organization. The report encompasses threat information and trends collected between January and October 2008, and provides a snapshot of the [...]

December 30th, 2008 | Security Vulnerabilities | 0 Comments

OWASP Testing Guide Version 3

Version 3 of the OWASP testing guide is now available! This project's goal is to create a "best practices" web application penetration testing framework which users can implement in their own organizations and a "low level" web application penetration testing guide that describes how to find certain issues. Thanks to all that put in the [...]

December 23rd, 2008 | Security Tools | 0 Comments

Black Hat Japan 2008 Audio

Last month we noted that the Black Hat Japan 2008 presentations were available, and today we noticed that the audio for those presentations is online as well at the Black Hat Japan 2008 archives. Below are links to the audio. Black Ops of DNS 2008: Its The End Of The Cache As We Know It [...]

December 19th, 2008 | Security Conferences | 0 Comments

RUXCON Presentations

Several presentations from the Australian security conference RUXCON are now online. Saturday Presentations: Attacking Rich Internet Applications by Kuza55 and Stefano Di Paola; GPU Powered Malware by Daniel Reynaud; Attacking the Vista Heap by Ben Hawkes; SCADA: Hacking Modbus Enabled Devices by Daniel Grzelak; Enterprise Security, Softer than the foam on my Frappuccino by LUMC [...]

December 18th, 2008 | Security Conferences | 1 Comment

Offensive Security 101 Review

This post is part of the security training review project, and was guest blogged by Jim O’Gorman. This last summer I was given the opportunity to take the Offensive Security 101 course. I came across it by accident while looking for some training that I could do without travel and that was reasonably priced. When [...]

December 16th, 2008 | Security Training | 1 Comment

Browser Security Handbook

The Browser Security Handbook is now online for everyone to read. This document is meant to provide web application developers, browser engineers, and information security researchers with a one-stop reference to key security properties of contemporary web browsers. Insufficient understanding of these often poorly-documented characteristics is a major contributing factor to the prevalence of several [...]

December 12th, 2008 | Security Vulnerabilities | 0 Comments