Bash Microsoft all you want; however, their new SDL is really making a difference in securing their products. Of course they will continue to have issues, and it won't remove all the issues; however, it has reduced their bug count big time. Take IIS 5/6/7 as a great example of how their process is making a difference.
Bash away MS bashing zealots.
You'd think they'd be able to use some NASA technologies (X-ray, heat, whatever else they use to probe the cosmos) from space or something to see through the ice, then identify suspect patterns.
Money for sure is an issue.
No matter how much you secure something, you're always going to have to deal with users. They will always do stupid things regardless of what safeguards you have in place.
By The Web Application Security Consortium
"From a counter-intelligence perspective, standard honeypot/honeynet technologies have not borne much fruit in the way of web attack data. Web-based honeypots have not been as successful as OS level or other honeypot applications (such as SMTP) due to the lack of their perceived value. Deploying an attractive honeypot web site is a complicated, time-consuming task. Other than a Script Kiddie probing for an easy defacement or an indiscriminate worm, you just won't get much traffic.
So the question is - How can we increase our traffic, and thus, our chances of obtaining valuable web attack reconnaissance?
This project will use one of the web attacker's most trusted tools against him - the Open Proxy server. Instead of being the target of the attacks, we opt to be used as a conduit of the attack data in order to gather our intelligence. By deploying multiple, specially configured open proxy servers (or proxypots), we aim to take a bird's-eye look at the types of malicious traffic that traverse these systems. The honeypot systems will conduct real-time analysis on the HTTP traffic to categorize the requests into threat classifications outlined by the Web Security Threat Classification and report all logging data to a centralized location."
http://www.webappsec.org/projects/honeypots/
+5 funny
It's their website. I doubt many of you go there anyways. They can do what they want on their website, so STFU and quit complaining.
Glad you know how to use Google. If you scroll down a little bit it clearly states on the Microsoft URL 'Security Development Lifecycle'.
registrar = bank
renewal fee = mortgage
not paying renew fee = foreclosure
You didn't pay attention to the expiration date/when a payment was due and the registrar (bank) resold your property. You're SOL.
Obviously they've hunted land they can see, maybe look under the ice? Just recently Greenland discovered a new island when some ice melted.
http://www.cgisecurity.com/questions/sql.shtmlm l
http://www.cgisecurity.com/questions/blindsql.sht
Many other papers on the subject
http://www.cgisecurity.com/development/sql.shtml
http://www.cgisecurity.com/articles/csrf-faq.shtm
http://www.cgisecurity.com/articles/xss-faq.shtml
Cliches dead at age 55.
Nothing new here please move along.
Support in windows for the internet circa 1994.
http://www.cgisecurity.com/ajax/
The Cross Site Request Forgery FAQ
The Cross Site Scripting FAQ
So George Bush really is more advanced than the rest of us? Wait a minute, what will Jesus think about this?
As we've proven in this article....
Is there anything CERN can't do?
The Cross-site Request Forgery FAQ http://www.cgisecurity.com/articles/csrf-faq.shtml
The XSS FAQ
The Cross-site Request Forgery FAQ
Harry and Voldemort die. Gee, didn't see that one coming and I've only seen the movies....
http://www.webappsec.org/projects/
This project is already gathering data and will be publishing the results shortly.
They prefer to be called biochemically challenged.