Ten of Application Security industry’s coolest, most interesting, important, and entertaining links from the past week — in no particular order: Verizon Incident Metrics Framework Released; Wiseguys net $25m in ticket scalping racket; State of Software Security Report; Internet Explorer 8 and the Security Development Lifecycle (SDL); Top 10 Hacks of 2009 and WAF Mitigations; FTC alleges that ControlScan offered ‘little or no verification’ of site security or privacy; I’m in ur 4sq, snarfin ur password — Part I; Fifteen Common Activities from BSIMM2; Even if You Don’t Invent Your Own Crypto….It’s Still Hard; Facebook founder Mark Zuckerberg ‘hacked into emails of rivals and journalists’. WhiteHat Security is a leading provider of website security services.
Ten of Application Security industry’s coolest, most interesting, important, and entertaining links from the past week — in no particular order: Hitler and Cloud Computing Security; Microsoft SDL Core Training Classes & Tools; A Big Case of …OOPS…; Customer-Induced FUD; NT OBJECTives Response to the Larry Suto Report; Web Security Dojo v1.0 & Watcher 1.3.0 release; Online finance flaw: Ameriprise III; Banks, Businesses, Viruses and the UCC; Breaking Weak CAPTCHA in 26 Lines of Code; Finding Input Validations flaws with Taint Checking.
Visit link:
Best of Application Security (Friday, Feb. 26)
In the past, viruses and computer threats were created simply for the sake of it. Sometimes these threats would wipe your hard drive clean—just to let you know you’d been owned.
Read the rest here:
Tidserv and MS10-015
We’ve received some questions regarding Apple’s iPad, and whether or not the lack of Adobe Flash support is for security reasons. Well, no, we don’t think so.
Read this article:
Is the lack of iPad Flash support for security?
Ten of Application Security industry’s coolest, most interesting, important, and entertaining links from the past week — in no particular order. Is APT After You
Read more from the original source:
Best of Application Security (Friday, Jan. 22)
Ten of Application Security industry’s coolest, most interesting, important, and entertaining links from the past week — in no particular order.
Go here to read the rest:
Best of Application Security (Friday, Dec. 25)
Ten of Application Security industry’s coolest, most interesting, important, and entertaining links from the past week — in no particular order. Regularly released until year end. Then the Best of Application Security 2009 will be selected! This week's links: Why Chrome has No NoScript; Cross-domain search timing; A checklist approach to security code reviews; Potent malware link infects almost 300,000 webpages; HTML5 new XSS vectors; Perspective on Pentagon “Pwnage”; Cross-Site Request Forgery For POST Requests With An XML Body; Security in Syndicated and Federated Systems; IP Spoofing; How fake sites trick search engines to hit the top.
See more here:
Best of Application Security (Friday, Dec. 11)
Trojan.Clampi is an interesting threat, which we described in many blog entries over the past month.
There has been a flurry of news articles over the past few days on what the media appears to have labeled the Mariposa botnet, after the name a Canadian information security firm used for this particular threat. The ‘butterfly’ in the title of this article refers to the fact that the threat is believed to stem from the Butterfly bot kit, which is no longer for sale
Link:
The Mariposa Butterfly
Have you ever noticed how movies tend to come in waves? A few years ago it seemed like every action movie had a space theme; then the following year the big new movies featured some kind of natural disaster
Read more from the original source:
Not all Reputation Technologies are Created Equal