Security Alerts & News
by Tymoteusz A. Góral

#2219 OWASP Top 10 - 2017 RC1 - the ten most cirtical web application security risks (PDF)
Welcome to the OWASP Top 10 2017! This major update adds two new vulnerability categories for the first time: (1) Insufficient Attack Detection and Prevention and (2) Underprotected APIs. We made room for these two new categories by merging the two access control categories (2013-A4 and 2013-A7) back into Broken Access Control (which is what they were called in the OWASP Top 10 - 2004), and dropping 2013-A10: Unvalidated Redirects and Forwards, which was added to the Top 10 in 2010.

The OWASP Top 10 for 2017 is based primarily on 11 large datasets from firms that specialize in application security, including 8 consulting companies and 3 product vendors. This data spans vulnerabilities gathered from hundreds of organizations and over 50,000 real-world applications and APIs. The Top 10 items are selected and prioritized according to this prevalence data, in combination with consensus estimates of exploitability, detectability, and impact.

The primary aim of the OWASP Top 10 is to educate developers, designers, architects, managers, and organizations about the consequences of the most important web application security weaknesses. The Top 10 provides basic techniques to protect against these high risk problem areas – and also provides guidance on where to go from here.
Read more
#2219 OWASP Top 10 - 2017 RC1 - the ten most cirtical web application security risks (PDF)
#2218 Android O no! Android O causes problems for mobile ransomware developers
#2217 Five inmates built two PCs and hacked a prison from within
#2216 Microsoft kills off security bulletins after several stays
#2215 CVE-2017-0199 Used as 0day to distribute FINSPY espionage malware and LATENTBOT malware
2017: 01 02 03 04 05
2016: 01 02 03 04 05 06 07 08 09 10 11 12