Soon, I will be moving the securitymetrics.org website to a simpler, secure and more usable system—the same platform that powers Markerbench. It should be done in time for Mini-Metricon (March 1st, 2013).
Web Security
Tag ∙ 6 posts
Posts
Perhaps you’ve heard about the recently disclosed Java 7 zero-day exploit. The flaw allows a remote attacker to take complete control of a computer. It has been incorporated into many exploit kits.
A few weeks ago I put together my annual Predictions blog post for the coming year. In that post and accompanying webinar, I suggested five emerging risk areas that CISOs need to pay attention to in the coming year.
I’ve noticed that sometimes it takes two or three “pings” for an idea to seep into my consciousness. I just got my second “ping” on a potentially Big Idea: site-specific browsers (SSBs).
I hate to be a curmudgeon about this, but this fellow needs a beat-down:
Fixing AJAX: XmlHttpRequest Considered Harmful
I offer this as exhibit A (as in AJAX) about why application security may well be intractable, in part because we’ve got mainstream technical outlets teaching techniques to evade well-founded security principles.
Scobleizer points out that the WS ReliableMessaging specification has been submitted to OASIS.
With all due respect to the incredibly bright folks at the WS-I, I find the world of web services standards to be rather confusing.