Broken Web Applications VM Version 0.9 Released

Written by Chuck Willis

As I mentioned in my previous post, I have been working on creating a Linux Virtual Machine containing a variety of vulnerable web applications. Just in time for the OWASP AppSec DC Conference, version 0.9 of the VM has been released! Read the rest

Tags: OWASP, VM, Web Application

WASC Web Application Security Statistics Published

Written by Chuck Willis

Thanks to Veracode’s Blog for pointing me to the Web Application Security Consortium (WASC) Web Application Security Statistics that were recently published.

Overall, I think that the paper has some very interesting data and statistics. As Chris Wysopal at Veracode pointed out, it provides some good evidence to back up the seemingly common sense idea that white box testing (where the testers have access to source code, design documents, and internal resources) is more likely to find certain issues than black box testing. Read the rest

Tags: Black Box, Statistics, Veracode, WASC, Web Application, White Box

Channels

Recent Posts

• Education and Information Sharing Top Priority at 2012 DoD Cyber Crime Conference
• Executive Breakfast Briefing with Former DHS Secretary Michael Chertoff
• Vulnerability and Exploit Terminology Webinar
• Creating an IOC to Spot the Duqu Family
• Using Redline & OpenIOC to Build Effective Indicators

Follow us on Twitter

• Mandiant: RT @cbentle2: @OpenIOC Updated #IOC posted https://t.co/Y2PGTuqE #dfir
• Mandiant: M's Michael Sikorski wrote a book, "Practical Malware Analysis" & will be hosting a webinar to discuss it! 2/29 2PM ET http://t.co/fd7Bf8Vj
• Mandiant: @_saadk Thanks for the #FF!

MANDIANT News

• Gartner Security and Risk Management Summit 2012
• CEIC Conference 2012
• New York Executive Briefing: Combating Advanced Targeted Cyber Attacks
• RSA Conference 2012