I hope that all of you in the US had a happy Thanksgiving.
As is normal for a holiday weekend, the news is a bit light, but here is what I was able to gather for this week.
- Detecting and Combating Business Logic Attacks – Business logic attacks are the next generation of stealthy attacks. The requests are neither illegal nor malformed, which also makes them hard for web application firewalls and IDS to detect. These fraudulent attacks can cost organizations big money.
- Apache HTTP Server Reverse Proxy/Rewrite URL Validation Issue – Nice way of leveraging URL rewriting to access the internal network. Reverse proxy is not going away soon, it seems.
- HTML5: Something wicked this way comes – HackPra materials – Good presentation on HTML5 security.
- Lotus Notes Formula Injection – This is a context-driven injection: one can pass an extended formula as data, which then gets executed. An interesting injection vector, like the one we have in macros.
- Changing nature of DDoS attacks
- Ruby on Rails Input Validation Flaw in Translate Helper Method Permits Cross-Site Scripting Attacks.
- Google protects its current HTTPS traffic against future attacks
- The CFO’s role in the data breach war