Navigations - February 2007

Navigations is a periodic newsletter that keeps you informed about Security Compass and updates in application security. Every issue includes case studies of recent vulnerabilities, upcoming security events, updates from OWASP (Open Web Application Security Project), and cutting-edge security-related technology. We hope you find this newsletter to be useful. Please provide any comments or questions to navigations@securitycompass.com.

In the News

Case Study: Windows Vista Voice Recognition Vulnerability Reinforces Four Major Security Principles

Find out which major security principles Microsoft overlooked that could have helped defend against this vulnerability. See the full article.

Case Study: Adobe XSS Vulnerability

Find out how you may be affected, and what you can do to protect your website and its users. See the full details.

For the Mind

2007 Security Conferences

Awareness is the first step towards protecting your web applications. The following is a calendar of top security conferences around the globe for the first half of 2007:

Mar 19-21: InfoSec World Conference and Expo, Orlando, FL
Mar 19-23: Security Opus Information Security Conference, San Francisco, CA
Mar 27-30: Black Hat Europe, Amsterdam, Netherlands
Apr 2-5: Hack In The Box Security Conference, Dubai, UAE
May 7-12: DallasCon Information and Wireless Security Event, Dallas, TX
June 11-13: CSI NetSec, Scottsdale, AZ

Security Compass Public Training

Security Compass offers its popular secure development, exploiting web applications, and application security for managers classes on a rotating basis.

We currently have public classes scheduled for the following cities. Note that classes without sufficient enrolment may be subject to cancellation. Register today!

From OWASP

OWASP Top 10 Candidate 1 Released

The OWASP Top 10 2007 lists the most serious web application vulnerability classes, and aims to educate developers, architects and auditors in securing their applications against these threats. The candidate release is open for review until February 28, 2007.

Check back for the finalized reference at http://www.owasp.org/index.php/Top_10_2007.

OWASP Testing Guide V2 Released

The OWASP Testing Guide includes a "best practice" penetration testing framework that organizations can adopt as their own process, and a "low level" penetration testing guide that describes techniques for testing the most common web application and web service security issues.

Download the guide at http://www.owasp.org/index.php/OWASP_Testing_Project.

On the Edge

HDIV - An Open-Source Framework to Detect Parameter Manipulation

HTTP Data Integrity Validator (HDIV) is a new open-source extension to the Struts framework that protects the confidentiality and integrity of HTTP parameters used in web applications. It hides sensitive parameter values from the user by replacing them with opaque server-side references, and detects client-side manipulation of parameters that the application never intended to be editable (hidden fields, link parameters, and similar).

For more information, please visit http://www.hdiv.org.
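The two controls described above, detecting tampering with non-editable parameters and hiding sensitive values behind opaque references, can be illustrated in a few lines of framework-neutral code. The following Python is an added example written for this newsletter; it is not HDIV's code and does not reproduce HDIV's design. It assumes a per-session secret key held server-side, an invented state field named `_pstate`, and constructed form data for an account statement page.

```python
import hmac
import hashlib
import secrets
from urllib.parse import urlencode


class ParameterGuard:
    """Bind non-editable request parameters to a per-session key.

    Illustrative example, not HDIV. At render time the server computes an HMAC
    over every non-editable parameter (name and value) plus the names of the
    editable ones, and emits it as a hidden field. On submit the HMAC is
    recomputed from what actually arrived; any change, addition or removal of a
    non-editable parameter changes the input and the comparison fails.
    """

    STATE_FIELD = "_pstate"  # assumed name of the hidden integrity field

    def __init__(self, session_key: bytes):
        self.key = session_key          # assumed: stored in the server session
        self.aliases = {}               # opaque alias -> real value, server-side only

    # --- confidentiality: never send the real value to the client -------------
    def hide(self, real_value: str) -> str:
        alias = secrets.token_urlsafe(9)
        self.aliases[alias] = real_value
        return alias

    def reveal(self, alias: str):
        return self.aliases.get(alias)  # None for a forged or stale alias

    # --- integrity: MAC over the non-editable parameters ----------------------
    @staticmethod
    def _canonical(fixed: dict, editable: list) -> bytes:
        # Sort so that parameter order on the wire does not matter.
        fixed_part = urlencode(sorted(fixed.items()))
        editable_part = ",".join(sorted(editable))
        return (fixed_part + "|" + editable_part).encode()

    def _mac(self, fixed: dict, editable: list) -> str:
        return hmac.new(self.key, self._canonical(fixed, editable), hashlib.sha256).hexdigest()

    def render(self, fixed: dict, editable: list) -> dict:
        """Parameters to emit in the page: the fixed values plus the state token."""
        return {**fixed, self.STATE_FIELD: self._mac(fixed, editable)}

    def verify(self, submitted: dict, editable: list) -> bool:
        """True only if every non-editable parameter arrived exactly as rendered.

        `editable` must come from the server's own definition of the form being
        submitted (looked up by action URL), never from the request.
        """
        state = submitted.get(self.STATE_FIELD)
        if state is None:
            return False
        # Everything that is not declared editable is treated as fixed, so an
        # extra parameter injected by the client also breaks the MAC.
        fixed = {k: v for k, v in submitted.items()
                 if k != self.STATE_FIELD and k not in editable}
        return hmac.compare_digest(self._mac(fixed, editable), state)


def demo():
    """Constructed scenario: an account statement form with one editable field."""
    guard = ParameterGuard(secrets.token_bytes(32))
    editable = ["month"]

    # Server renders the form: the real account id is hidden behind an alias.
    account_alias = guard.hide("acct-1001")
    form = guard.render({"account": account_alias, "action": "statement"}, editable)

    # Honest user fills in the editable field only.
    honest = {**form, "month": "2007-01"}
    # Attacker edits the hidden account parameter to read another account.
    tampered = {**form, "account": "acct-1002", "month": "2007-01"}

    return (guard.verify(honest, editable),
            guard.verify(tampered, editable),
            guard.reveal(honest["account"]))


if __name__ == "__main__":
    print(demo())  # (True, False, 'acct-1001')
```

Changing the editable `month` field passes, as it should; changing, adding or dropping anything else fails the MAC, and the real account identifier is only ever resolved server-side from the alias. In a real deployment the aliases and key live in the session store and the MAC is scoped to the form being submitted.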

Acegi Security - An Open-Source Extension to the Spring Framework

Acegi Security is a powerful, flexible security solution for enterprise Java software, particularly applications built on Spring. It provides authentication, authorization, instance-based (per-object) access control, channel security (enforcing HTTPS for sensitive pages) and human user detection (CAPTCHA-style) capabilities.

For more information, please visit http://www.acegisecurity.org.