NIST publications : Guidelines on Cell Phone Forensics, Guide for Assessing the Security Controls in Federal Information Systems, Guidelines on Securing Public Web Servers, User’s Guide to Securing External Devices for Telework and Remote Acces, Specification for the Extensible Configuration Checklist Description Format (XCCDF)

Without further ado, here is the flash version of my presentation : E-Banking Web Application Security.

Image spam is a moving target because spammers frequently change their spamming tools as well as the content and format of their messages, so you cannot rely on one technique to detect them all.

Andrew van der Stock announced the availability of OWASP Top 10 2007 .

This Web Security Trends Report presents new research and statistical breakdowns illustrating the universal nature of malicious code, as well as exposing the presence of malicious code on webpages translated by online translation services.

Architects and developers need to calculate the confidentiality, integrity, and availability requirements of their applications. In short, application classification needs to precede secure application development.

Omninerd.com has published an extensive article which covers the major 2006 Operating System Vulnerabilities. A lot of work has been put in careful analysis of various flavors of the 4 core OSes available today : Windows, OS X, Linux and UNIX.

Symantec released it’s XI edition of Internet Security Threat Report which covers the 2nd half of 2006 global security activity : malware, vulnerabilities, exploits, phishing, etc.

Well, this is a good news for all the folks in the PCI compliance business. Watchfire has been certified as a PCI scanning vendor.

Exploit Prevention Labs released the results of its February 2007 Exploit Prevalence Surveyâ„¢. The Top 5 Web Exploits for February 2007 are