"To date, a major gap exists in vulnerability standardization: there is no standard framework for the creation of vulnerability report documentation."
"You may be familiar with the Emerging Threats project. They have a few Snort rules files related to known web application vulnerabilities and attacks:
"It was a long but wonderful day! I woke up very early to catch my train from Brussels to London and arrived just in time. The room was already full of security guys, some well known faces and new ones. Let’s grab some coffee, some muffins and my bag full of goodies. Ready for the talks! The venue is nice, there is a good Wi-Fi coverage."
"Being a property owner can be a massive headache. You end up spending thousands to protect what's yours – securing doors, windows, and every other feasible point of entry. Yet all a criminal needs is one shot – a misplaced key, say – and he is in."
"Most developers actually want to write secure code"
"Why people fail in the hiring process… by doing stupid things!
Some things that I tell you NOT to do, might be what your future employer wants… it’s not easy to define."
"It’s here! Data junkies rejoice!
Today we’re proud to release the third volume of our semi-annual State of Software Security report. This edition incorporates data from 4,835 applications analyzed via our cloud-based platform over the past 18 months."
"OMG, today is The Breach Day, an official security holiday. Verizon Business has just released their super-famous “2011 Data Breach Investigations Report”"
"The U.S. Justice Department and the FBI were granted unprecedented authority this week to seize control over a criminal botnet that enslaved millions of computers and to use that power to disable the malicious software on infected PCs."
"Cloud computing has quickly evolved from a hot industry buzz word into a multi-billion dollar emerging market, with all the big names striving to grab a piece of the pie. Amazon, with its Amazon Elastic Computer Cloud (EC2), is arguably the dominant leader of the cloud services market."
"There is a surprising number of title variations among people who work in the field that I call “information security.” I browsed through various job-search sites to get a feel for the more frequently-seen titles and created a random information security job title generator. "
"sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. "
"This is a follow-up post to ModSecurity Advanced Topic of the Week: Malware Link Detection in which we will highlight a new capability within ModSecurity v2.6 that allows for removal of data within response bodies."
"As anyone who has watched the reimagined Battlestar Galactica will tell you, Sixes are trouble. They are undoubtedly alluring, but all the while they are working covertly, following The Plan, right under the noses of their targets. Nobody realizes the true nature of the threat until it’s too late."
Click in to find related links.