Web 2.0 has changed the landscape of web application security. As the general public, corporations, and even government continue to use Web 2.0 sites, new threats and vulnerabilities will continue to emerge.
Web 2.0 has increased the attack surface: good for hackers, bad for security professionals. The Secure Enterprise 2.0 Forum has compiled a list of the "Top Web 2.0 Security Threats", which can be found here.
1. Cross Site Scripting (XSS)
2. Cross Site Request Forgery (CSRF)
3. Phishing
4. Information Leakage
5. Injection Flaws
6. Information Integrity
7. Insufficient Anti-Automation
Thursday, March 19, 2009
Thursday, March 12, 2009
Building Security In Maturity Model (BSIMM) v1.0 Released
"Properly used, BSIMM can help you determine where your organization stands with respect to real-world software security initiatives and what steps can be taken to make your approach more effective. BSIMM is not a complete 'how to' guide for software security, nor is it a one size fits all model. Instead, BSIMM is a collection of good ideas and activities that are in use today."
BSIMM by Cigital and Fortify
Software security requires a multifaceted approach and a practical plan to reach a certain level of maturity. BSIMM aids organizations in developing their own software security roadmap. As security practitioners, our goal is to constantly strive for improvement in security processes and methodologies to effectively defend against the constant evolution of threats and vulnerabilities.