Business controls (?) in electronic invoices

The new regulation on electronic invoicing introduces a rather peculiar term: "business controls".

PHP cryptography - proceed with care

A couple of case studies from the PHP world demonstrating how important it is that application framework authors provide a carefully designed cryptography interface to programmers. Otherwise it's almost certain that it will be implemented incorrectly.

Web.config rules for Yasca

Combined rules from two open-source tools for static application security testing — WCSA and Yasca.

Michał Tabor: Commentary on the analysis

Michał Tabor has shared with me his comments on the previously published Analysis of the state of preparations for the introduction of new identity cards.

Python XML RPC over HTTP proxy

The XML-RPC over HTTP proxy given in Python documentation doesn't really work, so I've written a fixed XML-RPC transport for xmlrpclib that seems to work.

Python module for flexible SSL HTTP server handling

This module allows flexible retrieval of an SSL certificate from a server. Unlike the standard ssl module in Python, this function handles HTTP proxies and invalid certificates.

European personal data regexp patterns

I've spent some time browsing through publicly available sources to find out what the various identification numbers across Europe are, especially those that can be treated as "personal data". The numbers listed below include national identification, tax, health, social security and bank codes that I was able to identify.

Testing X-Content-Security-Policy

If you wondered how X-Content-Security-Policy works in real life, here's an example.

Trusted timestamping example in Python

Here's a simple example of how to request a trusted timestamping service from a certificate authority using TSP (Time-Stamp Protocol). It's really simple if the server allows you to use a standard HTTP interface instead of the full TSP interface.

ISACA now officially in Katowice

The ISACA chapter in Katowice has now been officially added to the organization's list of international chapters.

Building a cost-benefit model for application security testing

Is it possible to speak about application security testing in economic terms? My intuition and practice suggested that it's not only possible but necessary for security testing to really make sense.

Practical security of RSA keys over Internet

A very important research paper has just been published on eprint: a wide analysis of the practical security of RSA keys found in the wild. It shows that implementation or usage issues resulting in weak keys are much more widespread than previously expected.

OWASP Kraków - 18 Jan 2012

OWASP Poland meeting in Krakow on 18 Jan 2012, time 18:00-20:00, location Technology Park (Czyżyny) (Al. Jana Pawła II 41 L), Krakow, Poland. More information as usual at www.owasp.org/index.php/Poland

Decision trees and expected value of perfect information (EVPI) calculations with MS Excel

Here is a collection of Excel spreadsheets I have been using while studying decision trees and value of information concepts.