Adnan Masood, a Machine Learning Phd's musings on Life, Technology, Research & Development
OWASP Top 10 Web Application Security Risks 2010 has been released today 4/19 as FINAL. The OWASP Top 10 Web Application Security Risks for 2010 are: A1: Injection A2: Cross-Site Scripting (XSS) A3: Broken Authentication and Session Management A4: Insecure Direct Object References A5: Cross-Site Request Forgery (CSRF) A6: Security Misconfiguration A7: Insecure Cryptographic Storage…
OWASP’s list have been changed since 2004 in terms of priorities; XSS and inject flaws are on the rise. Details can be found on OWASP’s website. 2007 2004 A1 - Cross Site Scripting (XSS) A1 - Unvalidated Input A2 - Injection Flaws A2 - Broken Access Control A3 - Malicious File Execution A3 - Broken…
So if you are looking to implement SSL using basicHttpBinding for your WCF service, look no further. Here is your config file settings The modified basicHttpBindinging to allow security mode = Transport <bindings> <basicHttpBinding> <binding name="defaultBasicHttpBinding"> <security mode="Transport"> <transport clientCredentialType="None"/> …
Yesterday's ISSA (Information Systems Security Association) LA chapter's monthly member meeting was highlighted by Jeremiah Grossman's presentation on Hacking Intranet Websites from the Outside and Best Practice Security Measures . Stan Stahl of Citadel information security group and president of ISSA-LA chapter invited us to this lunch meeting which was very informative from development and…