The European Union has just announced a "political agreement" between Member States on a new regulation on electronic identification and trust services, called eIDAS, which is going to replace the old electronic signature directive 1999/93/EC.
I've been using VoIP (voice over IP) telephony since 2004, and a recent move to a new flat made me rebuild the whole configuration. It was a good opportunity to review it and see how much I could have earned with VoIP.
The main motivation for this work was to counter security issues caused by the Play framework's implementation of session variables. A session store lets a web application keep variables tied to a particular user's session; in a traditional Java HttpServlet a session attribute is set with setAttribute() and read back with getAttribute().
Django-Security is currently the most advanced and mature security package for the Django framework. It has been usable for a while, but thanks to the hard work of the SDelements team, to which I have also contributed a bit, I can now recommend it for production use.
As service-oriented architecture (SOA) gains popularity, there is growing interest in security testing of these services, but the available tools are not as advanced as those for "standard" web applications.
ISO/IEC TR 24772:2013 "Guidance to avoiding vulnerabilities in programming languages through language selection and use" is one of the most useful application security resources I have seen so far, especially among ISO standards.
Source code security review and scanning (SAST, or less frequently SCA) is one of the most effective techniques for reducing the number of security-related bugs in software. As of 2013 it is still not very widespread, due to a number of limiting factors.
SAML assertions are becoming a popular method for passing authentication and authorisation information between identity providers and consumers in various single sign-on protocols. Their practical security, however, depends strongly on correct implementation, especially on the consumer side: Somorovsky and others have demonstrated a number of XML Signature wrapping vulnerabilities in SAML assertion validation frameworks. This article shows how poor library documentation and examples lead to vulnerable consumer code, and how this can be avoided.
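The consumer-side mistake behind signature wrapping is picking the assertion by tag name and checking "a" signature somewhere in the document, instead of trusting only the element that the verified signature actually covers. The following is an added example (not code from the article or from any SAML library) using only the Python standard library: it assumes a library has already verified the XML Signature cryptographically (the SignatureValue below is a placeholder) and shows the element-selection step that must follow. The response documents, IDs and NameIDs are constructed for the example.

```python
"""Added example: after XML Signature verification, trust only the referenced assertion."""
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
DS = "http://www.w3.org/2000/09/xmldsig#"
NS = {"samlp": SAMLP, "saml": SAML, "ds": DS}


def _assertion(assertion_id, name_id, signed):
    """Build a minimal constructed <saml:Assertion>, optionally with an enveloped signature."""
    sig = ""
    if signed:  # SignatureValue is a placeholder; crypto verification is assumed done
        sig = (f'<ds:Signature><ds:SignedInfo><ds:Reference URI="#{assertion_id}"/>'
               '</ds:SignedInfo><ds:SignatureValue>placeholder</ds:SignatureValue>'
               '</ds:Signature>')
    return (f'<saml:Assertion ID="{assertion_id}">'
            f'<saml:Subject><saml:NameID>{name_id}</saml:NameID></saml:Subject>'
            f'{sig}</saml:Assertion>')


HEAD = f'<samlp:Response xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}" xmlns:ds="{DS}">'

# Constructed legitimate response: one signed assertion for alice, directly under Response.
GOOD_RESPONSE = HEAD + _assertion("_a1", "alice", True) + "</samlp:Response>"

# Constructed wrapping attack: the signed assertion is moved into <samlp:Extensions>
# (the signature still verifies and its Reference URI still resolves) and an unsigned
# assertion for "admin" is placed first, where a naive consumer looks.
WRAPPED_RESPONSE = (HEAD + _assertion("_evil", "admin", False)
                    + "<samlp:Extensions>" + _assertion("_a1", "alice", True)
                    + "</samlp:Extensions></samlp:Response>")

# Constructed ID-collision variant: the forged assertion reuses the signed assertion's ID.
COLLISION_RESPONSE = (HEAD + _assertion("_a1", "admin", False)
                      + "<samlp:Extensions>" + _assertion("_a1", "alice", True)
                      + "</samlp:Extensions></samlp:Response>")


def naive_subject(xml_text):
    """Vulnerable pattern: first Assertion in document order, unrelated to the signature."""
    root = ET.fromstring(xml_text)
    assertion = root.find(".//saml:Assertion", NS)
    return assertion.findtext("saml:Subject/saml:NameID", namespaces=NS)


def signed_subject(xml_text):
    """Hardened pattern: use only the element the (already verified) signature references,
    and only if it is an Assertion sitting where the SAML schema expects it."""
    root = ET.fromstring(xml_text)
    parent_of = {child: parent for parent in root.iter() for child in parent}

    # The Reference URI must resolve to exactly one element: reject duplicate IDs.
    by_id = {}
    for el in root.iter():
        el_id = el.get("ID")
        if el_id is None:
            continue
        if el_id in by_id:
            raise ValueError(f"duplicate ID attribute {el_id!r}")
        by_id[el_id] = el

    signatures = root.findall(".//ds:Signature", NS)
    if len(signatures) != 1:
        raise ValueError(f"expected exactly one Signature, found {len(signatures)}")
    signature = signatures[0]

    refs = signature.findall("ds:SignedInfo/ds:Reference", NS)
    if len(refs) != 1 or not refs[0].get("URI", "").startswith("#"):
        raise ValueError("expected exactly one same-document Reference")
    signed = by_id.get(refs[0].get("URI")[1:])
    if signed is None:
        raise ValueError("Reference URI does not resolve to any element")

    # Enveloped signature: the Signature must be a child of the element it signs, and
    # that element must be an Assertion that is a direct child of the Response.
    if parent_of.get(signature) is not signed:
        raise ValueError("Signature is not enveloped in the referenced element")
    if signed.tag != f"{{{SAML}}}Assertion" or parent_of.get(signed) is not root:
        raise ValueError("signed element is not an Assertion directly under Response")
    return signed.findtext("saml:Subject/saml:NameID", namespaces=NS)


def rejects(xml_text):
    """True if the hardened consumer refuses the document."""
    try:
        signed_subject(xml_text)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    for name, doc in [("good", GOOD_RESPONSE), ("wrapped", WRAPPED_RESPONSE),
                      ("collision", COLLISION_RESPONSE)]:
        print(name, "naive:", naive_subject(doc),
              "hardened:", "rejected" if rejects(doc) else signed_subject(doc))
```

The point of the hardened path is that the identity of the trusted element is derived from the signature's Reference, never from a tag-name search, and that structural assumptions (enveloped signature, assertion directly under the response, unique IDs) are checked explicitly rather than taken from a library example. In production the cryptographic verification itself should be done by a maintained XML Signature library with canonicalisation support, not hand-rolled.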