Archive for the 'Web Applications' Category

PHP vs. PHP. Live bugs every day during March

It seems that Esser’s initiative to disclose one PHP vulnerability each day during March 2007 is unpopular among core PHP developers, especially with Zeev Suraski, co-creator of PHP and chief technology officer of Zend, which manages PHP development.

Drive-By Pharming - Let me fine tune your DNS entries

ABC News reports on a new attack vector targeted at broadband routers / access points: Drive-By Pharming.

Here is the definitive fix for Universal PDF XSS Vulnerability

The (in)famous Adobe Acrobat Reader Plugin Universal PDF XSS is the scariest vulnerability discovered this year because it can turn any PDF into an XSS attack vector.

Alarming WordPress Security Vulnerabilities

Due to the really huge install base, I really hope that the folks at wordpress.org issue a patch quickly to address these vulnerabilities.

How to Turn Firefox Into an Attack Webserver

amazing that this nifty tool supports Server-side JS, GET, POST, uploads, Cookies, SQLite and AJAX.

Web App Security Hall Of Fame - Meet the Gurus

Anurag Agarwal announced a series of professional portraits of the gurus in Web Applications Security.
Quoting Anurag:
Every Friday I will present a major player from the web application security field and outline his contributions to the industry.
The series of mini biographies is called Reflection and this week’s security superstar was Amit Klein. [...]

Secret Feature / Vulnerability in Google Webmaster Tools

The new buzz of the Google Webmaster Tools’ Link has spread like wildfire. However, this great tool had a serious vulnerability which allowed access to the link statistics of any website.

Ten Most Critical Web Application Security Vulnerabilities

OWASP has released the first draft of the 2007 edition of the Ten Most Critical Web Application Security Vulnerabilities. Over the years, this document has turned into a de facto web application vulnerability checklist.

Java Source Code Audit Tools

Java Source Code Audit tools

Stompy - Web Session ID Algorithm Analyzer

Because a lot of web applications rely on the session ID for all authentication and authorization, knowing the strength of the algorithm behind the session ID generation is essential.
