"To date, a major gap exists in vulnerability standardization: there is no standard framework for the creation of vulnerability report documentation."
"You may be familiar with the Emerging Threats project. They have a few Snort rules files related to known web application vulnerabilities and attacks:
"It was a long but wonderful day! I woke up very early to catch my train from Brussels to London and arrived just in time. The room was already full of security guys, some well known faces and new ones. Let’s grab some coffee, some muffins and my bag full of goodies. Ready for the talks! The venue is nice, there is a good Wi-Fi coverage."
"Being a property owner can be a massive headache. You end up spending thousands to protect what's yours – securing doors, windows, and every other feasible point of entry. Yet all a criminal needs is one shot – a misplaced key, say – and he is in."
"Most developers actually want to write secure code"
"Why people fail in the hiring process… by doing stupid things!
Some things that I tell you NOT to do, might be what your future employer wants… it’s not easy to define."
"It’s here! Data junkies rejoice!
Today we’re proud to release the third volume of our semi-annual State of Software Security report. This edition incorporates data from 4,835 applications analyzed via our cloud-based platform over the past 18 months."
"OMG, today is The Breach Day, an official security holiday. Verizon Business has just released their super-famous “2011 Data Breach Investigations Report”"
"The U.S. Justice Department and the FBI were granted unprecedented authority this week to seize control over a criminal botnet that enslaved millions of computers and to use that power to disable the malicious software on infected PCs."
"The company that maintains the WordPress.com blogging platform said hackers gained root access to its servers and made off with sensitive code belonging to it and its partners."
"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware."
"Cloud computing has quickly evolved from a hot industry buzz word into a multi-billion dollar emerging market, with all the big names striving to grab a piece of the pie. Amazon, with its Amazon Elastic Computer Cloud (EC2), is arguably the dominant leader of the cloud services market."
"There is a surprising number of title variations among people who work in the field that I call “information security.” I browsed through various job-search sites to get a feel for the more frequently-seen titles and created a random information security job title generator. "
"sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. "
Click in to find related links.