Thursday, December 18, 2008

OWASP Testing Guide V 3.0 is available now!

The Open Web Application Security Project (OWASP) is a worldwide free and open community focused on improving the security of application software. The OWASP team's mission is to make application security "visible," so that people and organizations can make informed decisions about application security risks. Everyone is free to participate in OWASP, and all OWASP materials are available under a free and open software license.

To download the latest version (V 3.0) of the OWASP Testing Guide, use the link below:

http://www.owasp.org/images/5/56/OWASP_Testing_Guide_v3.pdf

 

Fix for unpatched Internet Explorer flaw

A fix for the issue in my previous blog post related to Internet Explorer has been released.

The patch details and download information can be found at:

 http://www.microsoft.com/technet/security/bulletin/MS08-078.mspx

American Express web bug exposes card holders!

XSS: Entrenched since November 2008

A glaring vulnerability on the American Express website has unnecessarily put visitors at risk for more than two weeks and violates industry regulations governing credit card companies, a security researcher says.
Among other things, the cross-site scripting (XSS) error on americanexpress.com allows attackers to steal users' authentication cookies, which are used to validate American Express customers after they enter their login credentials.
For more information related to this XSS attack, refer to the link below: