SYNTAX Application Security Annual Report

The Greek company SYNTAX has just published a report on the prevalence of security vulnerabilities in web applications.

Introducing Django Security

Django-Security is currently the most advanced and mature security package for the Django framework. It has been usable for a while, but thanks to the hard work of the SDelements team, to which I have also contributed a bit, I can now recommend it for production use.

Web services security testing

As service-oriented architecture (SOA) is gaining popularity, there is growing interest in security testing of these services, but the tools available are not as advanced as those for "standard" web applications.

Microsoft will get rid of SHA1 in Windows by 2017

Microsoft has just published its SHA1 deprecation policy, according to which Windows will stop accepting SHA1-signed certificates in SSL by 2017.

Mobicert certification authority removed from the Ministry of Economy (Ministerstwo Gospodarki) register

On 13 November, Narodowe Centrum Certyfikacji (the National Certification Centre at NBP) revoked the root certificate belonging to the Mobicert certification authority.

Cryptographic Algorithms, Key Sizes and Parameters - ENISA recommendations for 2013

ENISA has just published a report on cryptographic algorithms, key sizes and parameters, written by a team of recognized European cryptographers.

ISO/IEC TR 24772:2013 "Guidance to avoiding vulnerabilities in programming languages through language selection and use"

ISO/IEC TR 24772:2013 "Guidance to avoiding vulnerabilities in programming languages through language selection and use" is one of the most useful application security resources I have seen so far, especially among ISO standards.

Regulatory requirements, standards and market of software security scanning (SAST)

Source code security review and scanning (SAST, or less frequently SCA) is one of the most effective techniques for reducing the number of security-related bugs in software. As of 2013 it is still not very widespread, due to a number of limiting factors.

Warsaw, October 23: dr Piotr Cofta, "Modeling Trust" at PJWSTK

Invitation to Dr. Piotr Cofta's talk on "Modeling Trust", which will be held at PJWSTK at 3pm in the Senate hall.

Warsaw, October 23: Bitcoin Mining, Past Present and Future by Dr. Nicolas T. Courtois

Invitation to a great talk on Bitcoin mining in Warsaw; details below.

Secure SAML validation to prevent XML signature wrapping attacks

SAML assertions are becoming a popular method for passing authentication and authorisation information between identity providers and consumers using various single sign-on protocols. However, their practical security strongly depends on correct implementation, especially on the consumer side. Somorovsky and others have demonstrated a number of XML signature related vulnerabilities in SAML assertion validation frameworks. This article demonstrates how bad library documentation and examples can lead to vulnerable consumer code, and how this can be avoided.

IT security of schools and public institutions - a guide

The document is available to view online as a Google document, or in EPUB and PDF formats (see below).

OWASP Poland - Poznań, 24 September 2013

We invite you to the third OWASP Poland meeting in Poznań, on 24 September 2013 (Tuesday) at 15:00, at the IOR Conference Centre, ul. Władysława Węgorka 20A (entrance from Grunwaldzka).

Invitation to a ModSecurity training course

Linux Polska Sp. z o.o. invites you to take part in the dedicated training course "ModSecurity - skuteczna ochrona aplikacji webowych" (ModSecurity - effective protection of web applications).

Impact of search engines on opportunistic hacking

Most website owners struggle to get their websites positioned as high as possible in search engine results, and the rule of thumb seems to be "the more indexing, the better". How does this affect a website's susceptibility to hacking?
