Surviving the Week 10/5/12, Enterprises Struggle With Business Logic Attacks, Survey Finds

Enterprises Struggle With Business Logic Attacks, Survey Finds

A new survey emphasizes how business logic attacks can slip under the radar of development teams and cost enterprises time and money. More than 600 IT professionals took part in the survey; 88 percent of them said business logic abuse is equally or more important than any other security issue facing their company today.
http://www.securityweek.com/enterprises-struggle-business-logic-attacks-survey-finds

NT OBJECTives recently addressed the top 10 business logic flaws in this helpful white paper, “Attacking and Exploiting the Top 10 Business Logic Attack Vectors”.
http://www.ntobjectives.com/go/business-logic-attack-vectors-white-paper

TypeScript Is Microsoft’s Attempt At Making JavaScript Application Development Easier

JavaScript has been one of the core technologies of HTML5, and Microsoft has been aggressively pushing HTML5 in Internet Explorer 10. So what happens when you combine Microsoft’s desire to create another proprietary programming language with its insistence on HTML5? You get TypeScript, the company’s own version of JavaScript.
http://www.webpronews.com/typescript-is-microsofts-answer-to-javascript-2012-10

What are the challenges with SAST that don’t need a better engine

Many people, CIOs included, are under the impression that SAST can solve every security problem. Here is a list of problems with SAST engines that have nothing to do with the core engine:
http://diniscruz.blogspot.in/2012/10/what-are-challenges-with-sast-that-dont.html

Web security protocol HSTS wins proposed standard status

A Web security protocol designed to protect Internet users from hijacking of unencrypted web sites has won approval as a proposed standard. A steering group of the Internet Engineering Task Force (IETF) gave its blessing to a draft of HTTP Strict Transport Security (HSTS), an opt-in security enhancement in which Web sites instruct browsers to always interact with them over a secure connection.
http://news.cnet.com/8301-1009_3-57524915-83/web-security-protocol-hsts-wins-proposed-standard-status/
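To show what that opt-in instruction amounts to on the client side, here is an added example (not code from the original post or from the articles it links): a minimal JavaScript model of how a browser handles the Strict-Transport-Security header per RFC 6797. It parses the header directives, ignores the header when it arrives over plain HTTP, records the host with its expiry, and upgrades later http:// requests for known hosts (and, with includeSubDomains, their subdomains) to https://. Host names such as example.test and the timestamps are constructed; certificate-error handling and the browser preload list are left out.

```javascript
// Added example, not code from the original post: a minimal model of RFC 6797
// (HSTS) user-agent behaviour. Host names such as example.test are constructed.

// Parse a Strict-Transport-Security header value. Returns {maxAge, includeSubDomains}
// or null when the header is invalid and must be ignored (RFC 6797 section 6.1:
// max-age is required, a repeated directive invalidates the header, and
// directives the client does not know are ignored).
function parseHstsHeader(value) {
  const seen = new Set();
  let maxAge = null;
  let includeSubDomains = false;
  for (const raw of value.split(';')) {
    const directive = raw.trim();
    if (!directive) continue;
    const eq = directive.indexOf('=');
    const name = (eq === -1 ? directive : directive.slice(0, eq)).trim().toLowerCase();
    let val = eq === -1 ? null : directive.slice(eq + 1).trim();
    if (seen.has(name)) return null;
    seen.add(name);
    if (name === 'max-age') {
      if (val === null) return null;
      // max-age may be given as a quoted string
      if (val.length >= 2 && val.startsWith('"') && val.endsWith('"')) val = val.slice(1, -1);
      if (!/^\d+$/.test(val)) return null;
      maxAge = Number(val);
    } else if (name === 'includesubdomains') {
      includeSubDomains = true;
    }
  }
  return maxAge === null ? null : { maxAge, includeSubDomains };
}

// The browser's per-host HSTS cache ("Known HSTS Hosts" in the RFC).
class HstsStore {
  constructor() { this.hosts = new Map(); }

  // Record the policy carried by a response. Returns true if the header was
  // accepted. A header received over plain HTTP is ignored (section 8.1),
  // which is what stops a network attacker from planting or clearing a policy.
  processResponse(host, isSecure, headerValue, now = Date.now()) {
    if (!isSecure) return false;
    const policy = parseHstsHeader(headerValue);
    if (!policy) return false;
    host = host.toLowerCase();
    if (policy.maxAge === 0) { this.hosts.delete(host); return true; } // max-age=0 clears the entry
    this.hosts.set(host, {
      expires: now + policy.maxAge * 1000,
      includeSubDomains: policy.includeSubDomains,
    });
    return true;
  }

  // Is host itself, or a superdomain with includeSubDomains, a known HSTS host?
  isKnown(host, now = Date.now()) {
    const labels = host.toLowerCase().split('.');
    for (let i = 0; i < labels.length; i++) {
      const candidate = labels.slice(i).join('.');
      const entry = this.hosts.get(candidate);
      if (!entry) continue;
      if (entry.expires <= now) { this.hosts.delete(candidate); continue; } // expired entry
      if (i === 0 || entry.includeSubDomains) return true;
    }
    return false;
  }

  // Rewrite an http:// URL to https:// when the host is a known HSTS host;
  // other URLs are returned unchanged.
  upgrade(url, now = Date.now()) {
    const u = new URL(url);
    if (u.protocol === 'http:' && this.isKnown(u.hostname, now)) u.protocol = 'https:';
    return u.toString();
  }
}
```

The duplicate-directive rule and the plain-HTTP rule are the two checks most often skipped in hand-rolled clients; the first keeps an ambiguous header from being half-applied, the second keeps the protection from being downgraded by whoever can inject an HTTP response.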

A Number of SQL Injection, Code Injection and XSS Advisories Posted This Week

It’s another week in which a number of SQL injection, XSS and code execution vulnerabilities were made public in widely used applications such as WordPress, Oracle Identity Management and Drupal. Here is a list of some of the critical vulnerabilities disclosed this week.

InduSoft Web Studio Arbitrary Upload Remote Code Execution – http://packetstormsecurity.org/files/117113
Oracle Identity Management 10g Cross Site Scripting – http://packetstormsecurity.org/files/117110
Drupal Hostip 6.x / 7.x Cross Site Scripting – http://packetstormsecurity.org/files/117084
WordPress Spider 1.0.1 SQL Injection / XSS – http://packetstormsecurity.org/files/117078
Omnistar Mailer 7.2 SQL Injection / Cross Site Scripting – http://packetstormsecurity.org/files/117079
PHPTax 0.8 Remote Code Execution – http://packetstormsecurity.org/files/117082
Drupal Twitter Pull 6.x / 7.x Cross Site Scripting – http://packetstormsecurity.org/files/117107
phpMyBitTorrent 2.04 SQL Injection / Local File Inclusion – http://packetstormsecurity.org/files/117102
Template CMS 2.1.1 Cross Site Request Forgery / Cross Site Scripting – http://packetstormsecurity.org/files/117104
WordPress Premium Theme XSS Vulnerability – http://www.f-secure.com/weblog/archives/00002438.html

About Dan Kuykendall 173 Articles