SEARCH RESULTS
 
Showing 1-10 of 91 records
 
Automating web application security testing

2007-07-16 11:40:00 by Panayiotis Mavrommatis in Google Online Security Blog
 
...quote not filtered or escaped form blah Injection inside URL attributes - non-http(s) URL javascript:evil script In JavaScript context - single quote not filtered or escaped In the cases where XSS arises from meta characters being inserted from untrusted sources into an HTML document, the issue can be avoided either by...
 
See, they ain't that scientific either

2008-02-25 13:42:29 by Paul Stamp in Security & Risk Management
 
...quote came from hedge fund manager John Devaney, who said "I'd like to thank the market for dealing me a direct hit. As a trader if you don't get sucker-punched every once in a while, you don't understand what risk is." Also, there were a few good articles last week about how money managers had retreated from the market because they'd lost...
 
SDL and Web 2.0

2008-02-28 22:26:00 by sdl in The Security Development Lifecycle
 
...quote from this column (probably my favorite quote from anyone's column so far this year): there's still much to do in the [software] industry to reach a level of truly sustainable computing. This is perhaps especially true in the nascent area of Web 2.0 development. Let's hope Microsoft brings its Trustworthy Computing Initiative, or more...
 
SQL Server - Fact Checking Recent Vulnerability History

2008-03-05 22:53:36 by jrjones in Jeff Jones Security Blog
 
...quote, which asserted that last year SQL Server had "... most vulnerabilities last year of any commercial database..." That is a big error, though it may be a misquote or a miscommunication. Certainly, if you go look at the current version of the original article , the incorrect statement has been removed However, given that as of today, some...
 
Two Fun and Thought-provoking Pieces

2008-03-06 12:58:00 by Dr Anton Chuvakin in Anton Chuvakin Blog -
 
...quote: " ... Wait - they listen to customers, innovate new things, control costs, and deliver safety mechanisms to market while growing their business? When will Silicon Valley answer the bell on this model? " Read on On an unrelated note, Hoff's comments on "McGovern's " Ten Mistakes That CIOs Consistently Make That Weaken Enterprise...
 
Blogging for the sake of blogging

2008-03-23 01:09:33 by HASH0x8b4990c in StillSecure, After All These Years
 
...quote. Don't blog for the sake of blogging. James Kirk, to quote one of your friends, that is not logical. Why else should you blog, but for the sake of blogging? Bloggers blog because they want to hear themselves and they want the world to hear them as well. Blogging is singularly an ego-driven sport. Your total lack of understanding of this...
 
Surveillance and the use of social psychology

2007-03-13 23:30:47 by Perry Carpenter in Security Renaissance
...quote taken from Boing Boing The quote below is from a recent New York Times Magazine article describing a psychology experiment conducted by Newcastle University in which those conducting the experiments taped alternating photos above an on your honor coffee station For 10 weeks this spring, they alternately taped two posters over the...
 
Lost Bank of Ireland laptops affect roughly 10,000 customers

2008-04-22 09:35:39 by Evan Francen in The Breach Blog
...quote or took out a Life Assurance policy with Bank of Ireland Life from the following branches Drogheda Dunleer Bagnelstown Court Place Carlow Stephens Green Tallaght Montrose Number Affected 10,000 Types of Data names, addresses, bank account details and medical histories Breach Description DUBLIN--Four laptop computers stolen from one...
 
FISMA Report Card News, Formulas, and 3 Myths

2008-05-27 16:36:28 by rybolov in The Guerilla CISO
...Quote from Karen Evans Quote from Alan Paller about how FISMA is a failure and checklist-driven security Wondering when the government will get their act together Have a read of Dancho's response to the FISMA Report Card. Pretty typical writing formula that you'll see from journalists. I won't even comment on the FISMA compliance title. Oh wait,...
 
My Tip for CFA Candidates