-
Web Application Security Consortium (WASC) releases ‘Threat Classifications’ document
WASC has released a web security 'Threat Classifications' document that attempts to help clarify some of the terms used in web security (such as xss, session fixation, insufficient authorization, etc…). Additional information can be found at the link below. http://www.webappsec.org/threat.html
-
PHP 4.3.8 released to address security issues
PHP 4.3.8 and 5.0.0RC3 were released today to address a few security problems. Users running older versions are urged to upgrade (bla bla bla). PHP Download Page PHP Changelog
-
IIS 4.0 Buffer overflow discovered and other microsoft patches
Microsoft has released 7 different advisories today. One of the vulnerabilities disclosed was a remote overflow in IIS 4.0.
Favorite Links
- Security Templates (New)
- The Web Application Security Consortium
- QA Security
- The Web Security Mailing List
- Romain Gaucher’s Blog
- Jeremiah Grossman’s Blog
Popular Pages
WASC Threat Classification
- Abuse of Functionality
- Application Misconfiguration
- Brute Force Attack
- Content Spoofing
- Credential/Session Prediction
- Denial of Service
- Directory Indexing
- Information Leakage
- Remote File Inclusion Attack
- Routing Detour Attack
- SOAP Array Abuse
- XML Attribute Blowup
- XML Injection
- XML External Entity Attack