Microsoft will get rid of SHA1 in Windows by 2017

Microsoft has just published their SHA1 deprecation policy, according to which Windows will stop accepting SHA1-signed certificates in SSL by 2017.

Mobicert certification authority removed from the Ministry of Economy register

On November 13, the National Certification Centre (Narodowe Centrum Certyfikacji) at NBP revoked the root certificate belonging to the Mobicert certification authority.

Cryptographic Algorithms, Key Sizes and Parameters - ENISA recommendations for 2013

ENISA has just published a report on cryptographic algorithms, key sizes and parameters, written by a team of recognized European cryptographers.

ISO/IEC TR 24772:2013 "Guidance to avoiding vulnerabilities in programming languages through language selection and use"

ISO/IEC TR 24772:2013 "Guidance to avoiding vulnerabilities in programming languages through language selection and use" is one of the most useful application security resources I have seen so far, especially among ISO standards.

Regulatory requirements, standards and market of software security scanning (SAST)

Source code security review and scanning (SAST, or less frequently SCA) is one of the most effective techniques for reducing the number of security-related bugs in software. As of 2013 it is still not very widespread due to a number of limiting factors.

Warsaw, October 23: dr Piotr Cofta, "Modeling Trust" at PJWSTK

Invitation to Dr Piotr Cofta's talk on "Modeling Trust", which will be held at PJWSTK at 3pm in the Senate hall.

Warsaw, October 23: Bitcoin Mining, Past Present and Future by Dr. Nicolas T. Courtois

Invitation to a great talk on Bitcoin mining in Warsaw; details below.

Secure SAML validation to prevent XML signature wrapping attacks

SAML assertions are becoming a popular method for passing authentication and authorisation information between identity providers and consumers using various single sign-on protocols. However, their practical security strongly depends on correct implementation, especially on the consumer side. Somorovsky and others have demonstrated a number of XML signature related vulnerabilities in SAML assertion validation frameworks. This article demonstrates how bad library documentation and examples can lead to vulnerable consumer code and how this can be avoided.

IT security of schools and public institutions - a guide

The document can be viewed online as a Google document or in EPUB and PDF formats (see below).

OWASP Poland - Poznań, September 24, 2013

We invite you to the third OWASP Poland meeting in Poznań, on September 24, 2013 (Tuesday) at 15:00 in Centrum Konferencyjne IOR, ul. Władysława Węgorka 20A (entrance from Grunwaldzka).

Invitation to take part in ModSecurity training

Linux Polska Sp. z o.o. invites you to take part in the dedicated training "ModSecurity - effective protection of web applications".

Impact of search engines on opportunistic hacking

Most website owners struggle to get their website best positioned in search engine results and the rule of thumb seems to be "the more indexing the better". How does this impact website susceptibility to hacking?

Implementing Content Security Policy with CspBuilder wizard

Exactly for this purpose I have written CspBuilder.info, which consumes the Content Security Policy violation reports generated by browsers and turns them into a working CSP header.

CONFidence 2013, 28-29 May 2013, Kraków, Poland

The end of May brings yet another iteration of an excellent security conference happening in our home city of Krakow: CONFidence 2013.

Getting free gigabytes of secure online storage... by cleaning trash

For a few years now I've been using Wuala as my online storage of choice, mainly because of its security related features. Recently it approached the limit of my purchased space...