Enterprises Struggle With Business Logic Attacks, Survey Finds
A new survey emphasizes how business logic attacks can slip under the radar of development teams and cost enterprises time and money. More than 600 IT professionals were included in the survey. According to the survey, 88 percent said business logic abuse is as important as, or more important than, any other security issue facing their company today.
NT OBJECTives recently addressed the top 10 business logic flaws in this helpful white paper, “Attacking and Exploiting the Top 10 Business Logic Attack Vectors”.
What are the challenges with SAST that don’t need a better engine
Many people, CIOs included, are under the impression that SAST can solve every security problem. Here is a list of problems with SAST that have nothing to do with the core engine: http://diniscruz.blogspot.in/2012/10/what-are-challenges-with-sast-that-dont.html
Web security protocol HSTS wins proposed standard status
A Web security protocol designed to protect Internet users from hijacking of unencrypted web sites has won approval as a proposed standard. A steering group for the Internet Engineering Task Force (IETF) gave its blessing to a draft of HTTP Strict Transport Security (HSTS), an opt-in security enhancement in which Web sites instruct browsers to always interact with them over a secure connection.
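The opt-in works through a single response header, so a defender's first check is whether a site sends one and whether its directives are strong enough. The following is an added example, not code from the article or from the IETF draft: it parses a Strict-Transport-Security header value as laid out in RFC 6797 (plus the non-RFC preload directive) and flags weak settings against sample header values constructed here; the one-year max-age threshold is this example's own assumption.

```python
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample header values (not taken from the article): a strong
# policy, a weak one, and a site that sends no HSTS header at all.
SAMPLE_HEADERS = {
    "strong": "max-age=31536000; includeSubDomains; preload",
    "weak": "max-age=300",
    "none": None,
}

# Assumed threshold for this example: treat anything under one year as short.
MIN_MAX_AGE = 31536000


@dataclass
class HstsPolicy:
    max_age: int
    include_subdomains: bool
    preload: bool


def parse_hsts(header: Optional[str]) -> Optional[HstsPolicy]:
    """Parse a Strict-Transport-Security value (RFC 6797 section 6.1).
    Directives are ';'-separated and case-insensitive; max-age is required
    and may be quoted. Returns None if the header is absent or invalid."""
    if header is None:
        return None
    max_age = None
    include_subdomains = preload = False
    for directive in header.split(";"):
        name, _, value = directive.strip().partition("=")
        name, value = name.strip().lower(), value.strip().strip('"')
        if name == "max-age" and value.isdigit():
            max_age = int(value)
        elif name == "includesubdomains":
            include_subdomains = True
        elif name == "preload":  # preload-list directive, not part of RFC 6797
            preload = True
    if max_age is None:  # no valid max-age means the browser ignores the header
        return None
    return HstsPolicy(max_age, include_subdomains, preload)


def hsts_findings(header: Optional[str]) -> List[str]:
    """Return the weaknesses a reviewer would flag for one header value."""
    policy = parse_hsts(header)
    if policy is None:
        return ["no valid HSTS policy: browsers will still accept plain HTTP"]
    findings = []
    if policy.max_age == 0:
        findings.append("max-age=0 clears the cached policy for this host")
    elif policy.max_age < MIN_MAX_AGE:
        findings.append(f"max-age {policy.max_age}s is shorter than {MIN_MAX_AGE}s")
    if not policy.include_subdomains:
        findings.append("includeSubDomains missing: subdomains stay unprotected")
    return findings
```

Because HSTS is opt-in and only cached after a first HTTPS visit, the very first request can still go out over plain HTTP, which is why the preload directive exists.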
A Number of SQL Injection, Code Injection and XSS Vulnerabilities Posted This Week
It’s another week in which a number of SQL injection, XSS and code execution vulnerabilities were made public in widely used applications such as WordPress, Oracle Identity Management and Drupal. Here is a list of some of the critical vulnerabilities disclosed this week.
InduSoft Web Studio Arbitrary Upload Remote Code Execution – http://packetstormsecurity.org/files/117113
Oracle Identity Management 10g Cross Site Scripting – http://packetstormsecurity.org/files/117110
Drupal Hostip 6.x / 7.x Cross Site Scripting – http://packetstormsecurity.org/files/117084
WordPress Spider 1.0.1 SQL Injection / XSS – http://packetstormsecurity.org/files/117078
Omnistar Mailer 7.2 SQL Injection / Cross Site Scripting – http://packetstormsecurity.org/files/117079
PHPTax 0.8 Remote Code Execution – http://packetstormsecurity.org/files/117082
Drupal Twitter Pull 6.x / 7.x Cross Site Scripting – http://packetstormsecurity.org/files/117107
phpMyBitTorrent 2.04 SQL Injection / Local File Inclusion – http://packetstormsecurity.org/files/117102
Template CMS 2.1.1 Cross Site Request Forgery / Cross Site Scripting – http://packetstormsecurity.org/files/117104
WordPress Premium Theme XSS Vulnerability – http://www.f-secure.com/weblog/archives/00002438.html