Sorry readers, last week’s post was missed due to an overwhelming amount of work, both professional and personal. Thank you for holding tight to your browser’s F5 key while waiting for this update.
Future HTML5 and Security
This past week multiple reports were published on which technologies will see longevity for internet applications. The analysis concludes that HTML5 is here to stay. In fact, most state that instead of building separate applications for each mobile platform, companies prefer to create HTML5 applications so that one client can serve all mobile devices as well as all browser users. In the last few weeks, @Shreeraj of BlueInfy presented at BlackHat about security issues in HTML5. Click here to view @Shreeraj’s HTML5 presentation.
Here are a few other postings on this topic:
Top 3 security risks related to HTML5
Two interesting projects in OWASP
OWASP launched two new projects focusing on Java security: a Java Encoder and a Java HTML Sanitizer. The Java Encoder project is a simple-to-use, drop-in encoder class with very little overhead. The Java HTML Sanitizer project is a fast, easy-to-configure HTML sanitizer written in Java which lets you include HTML authored by third parties in your web application while protecting against XSS.
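To show where each project fits, here is an added example (not code from the original post or from the OWASP projects themselves) that encodes untrusted plain text per output context with the Java Encoder and runs third-party HTML through an allow-list policy with the Java HTML Sanitizer; the class name, method names and sample inputs are constructed for this illustration, and it assumes both OWASP jars are on the classpath.

```java
// Added example (not from the original post or the OWASP projects' own docs).
// Assumes the OWASP Java Encoder (org.owasp.encoder) and OWASP Java HTML
// Sanitizer (org.owasp.html) jars are on the classpath.
import org.owasp.encoder.Encode;
import org.owasp.html.PolicyFactory;
import org.owasp.html.Sanitizers;

public class OwaspOutputDemo {

    // Untrusted plain text (e.g. a display name) that must never be
    // interpreted as markup: encode it for the exact context it lands in.
    static String renderName(String untrustedName) {
        return "<p>Hello, " + Encode.forHtml(untrustedName) + "</p>";
    }

    static String renderTitleAttr(String untrustedTitle) {
        // A quoted attribute is a different context from the HTML body and
        // needs its own encoder.
        return "<a title=\"" + Encode.forHtmlAttribute(untrustedTitle) + "\">link</a>";
    }

    static String renderJsLiteral(String untrustedValue) {
        // Inside a <script> string literal, use the JavaScript encoder.
        return "<script>var user = '" + Encode.forJavaScript(untrustedValue) + "';</script>";
    }

    // Third-party HTML (e.g. a comment using <b> and <a>) that is meant to be
    // rendered as markup: sanitize against an allow-list policy instead of
    // encoding, so legitimate formatting survives and script does not.
    static final PolicyFactory POLICY =
            Sanitizers.FORMATTING.and(Sanitizers.LINKS);

    static String renderComment(String untrustedHtml) {
        return POLICY.sanitize(untrustedHtml);
    }

    public static void main(String[] args) {
        // Constructed sample inputs: classic XSS test strings that the
        // encoder must render inert and the sanitizer must strip.
        System.out.println(renderName("<img src=x onerror=alert(1)>"));
        System.out.println(renderTitleAttr("\" onmouseover=\"alert(1)"));
        System.out.println(renderJsLiteral("'; alert(1); //"));
        String comment = "<b>nice</b> <a href=\"https://example.org\">site</a>"
                + "<script>alert(1)</script>";
        System.out.println(renderComment(comment));
    }
}
```

The encoder is the right tool when the value is data that should display literally; the sanitizer is the right tool only when the input is genuinely supposed to carry markup.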
Lessons Learned from Apple iCloud Hack
This was a great and not so great story from Wired reporter Mat Honan. His entire digital life dissolved before his eyes because LulzSec liked his Twitter handle @mat and wanted to make a statement. They gained entry into his iCloud account, used it to remotely wipe all of his devices and gained access to his other accounts. At least they told him how they did it. Here are some things to keep in mind to minimize damage if a similar incident ever happens to you. The number one rule of thumb for anything in the cloud: e n c r y p t!
DDoS Attack Takes Down WikiLeaks
The controversial website, which often posts proprietary information without consent, was down for at least five days and had been experiencing a massive Distributed Denial of Service (DDoS) attack. Really? Why?