Surviving the Week 10/5/12, Enterprises Struggle With Business Logic Attacks, Survey Finds

Enterprises Struggle With Business Logic Attacks, Survey Finds

A new survey emphasizes how business logic attacks can slip under the radar of development teams and cost enterprises time and money. More than 600 IT professionals took part in the survey, and 88 percent of them said business logic abuse is as important as, or more important than, any other security issue facing their company today.

NT OBJECTives recently addressed the top 10 business logic flaws in this helpful white paper, “Attacking and Exploiting the Top 10 Business Logic Attack Vectors”.

TypeScript Is Microsoft’s Attempt At Making JavaScript Application Development Easier

JavaScript has been one of the core technologies of HTML5. Microsoft has been aggressively pushing HTML5 in Internet Explorer 10. So what happens when you take Microsoft’s desire to create another proprietary programming language and their insistence on HTML5? You get TypeScript, the company’s own version of JavaScript.

What are the challenges with SAST that don’t need a better engine?

Many people, CIOs among them, are under the impression that SAST can solve every problem in security. Here is a list of problems with SAST engines that have nothing to do with the core engine –

Web security protocol HSTS wins proposed standard status

A Web security protocol designed to protect Internet users from the hijacking of unencrypted connections to web sites has won approval as a proposed standard. A steering group of the Internet Engineering Task Force (IETF) gave its blessing to a draft of HTTP Strict Transport Security (HSTS), an opt-in security enhancement in which a web site instructs browsers to always interact with it over a secure connection.
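As an added illustration, not code from the article or from the IETF draft, the following Python model shows the browser-side behaviour HSTS standardises: how a Strict-Transport-Security header is parsed, why a header received over plain HTTP is ignored, and how a cached policy (with includeSubDomains and max-age expiry) upgrades later http:// requests to https://. Host names and header values are constructed for the example.

```python
import time
from urllib.parse import urlsplit

class HstsCache:
    """Per-host HSTS policies (RFC 6797) and the URL upgrade a browser applies."""

    def __init__(self, clock=time.time):
        self.clock = clock
        self.policies = {}  # host -> (expiry timestamp, includeSubDomains flag)

    def observe(self, host, header, over_tls):
        # RFC 6797 s8.1: a header seen over plain HTTP carries no authority.
        if not over_tls or header is None:
            return False
        directives = {}
        for part in header.split(";"):
            name, _, value = part.strip().partition("=")
            directives[name.lower()] = value.strip(' "')
        max_age = directives.get("max-age", "")
        if not max_age.isdecimal():
            return False  # max-age is required; a malformed header is ignored
        host = host.lower()
        if int(max_age) == 0:
            self.policies.pop(host, None)  # max-age=0 tells the browser to forget
        else:
            self.policies[host] = (self.clock() + int(max_age), "includesubdomains" in directives)
        return True

    def is_known_host(self, host):
        # Check the host, then each parent domain (parents count only with
        # includeSubDomains); expired entries are evicted as they are found.
        labels = host.lower().split(".")
        for i in range(len(labels)):
            candidate = ".".join(labels[i:])
            if (policy := self.policies.get(candidate)) is None:
                continue
            expiry, include_sub = policy
            if expiry <= self.clock():
                del self.policies[candidate]
            elif i == 0 or include_sub:
                return True
        return False

    def rewrite(self, url):
        # Upgrade http -> https for known hosts; an explicit :80 becomes the https default.
        parts = urlsplit(url)
        if parts.scheme != "http" or not self.is_known_host(parts.hostname or ""):
            return url
        netloc = parts.hostname if parts.port in (None, 80) else parts.netloc
        return parts._replace(scheme="https", netloc=netloc).geturl()
```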

A Number of SQL Injection, Code Injection and XSS Posted This Week

It’s another week in which a number of SQL injection, XSS and code execution vulnerabilities were made public in widely used applications, e.g. WordPress, Oracle Identity Management and Drupal. Here is a list of some of the critical vulnerabilities disclosed this week.

InduSoft Web Studio Arbitrary Upload Remote Code Execution
Oracle Identity Management 10g Cross Site Scripting
Drupal Hostip 6.x / 7.x Cross Site Scripting
WordPress Spider 1.0.1 SQL Injection / XSS
Omnistar Mailer 7.2 SQL Injection / Cross Site Scripting
PHPTax 0.8 Remote Code Execution
Drupal Twitter Pull 6.x / 7.x Cross Site Scripting
phpMyBitTorrent 2.04 SQL Injection / Local File Inclusion
Template CMS 2.1.1 Cross Site Request Forgery / Cross Site Scripting
WordPress Premium Theme XSS Vulnerability

About Dan Kuykendall 173 Articles