-
Yahoo Hacker Uses Story to Find, Exploit Bug
"Exploit code has hit the Internet for the critical flaws in Yahoo Messenger that could enable a remote hacker to take control of a user’s system. Yahoo Inc. was quick out of the gate and released a fix for the vulnerabilities last Friday, just two days after the flaws were publicly disclosed. The trouble is…
-
Two Universities Hit By Security Breaches
"Two universities suffered security breaches that compromised the security of sensitive personal information on students and faculty. Both the University of Iowa and the University of Virginia announced last Friday that they have been sending out notifications about the breaches. The University of Virginia said its investigation has shown that on 54 separate days between…
-
Sun JRE Vulnerabilities
"A buffer overflow vulnerability in the image parsing code in the Java Runtime Environment may allow an untrusted applet or application to elevate its privileges. For example, an applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet." Article Link:…
Favorite Links
- Security Templates (New)
- The Web Application Security Consortium
- QA Security
- The Web Security Mailing List
- Romain Gaucher’s Blog
- Jeremiah Grossman’s Blog
Popular Pages
WASC Threat Classification
- Abuse of Functionality
- Application Misconfiguration
- Brute Force Attack
- Content Spoofing
- Credential/Session Prediction
- Denial of Service
- Directory Indexing
- Information Leakage
- Remote File Inclusion Attack
- Routing Detour Attack
- SOAP Array Abuse
- XML Attribute Blowup
- XML Injection
- XML External Entity Attack