Weekly Industry Round-up, Week of 4/19
Posted by hyperguard on April 23, 2010
Around the blogosphere…
There has been a lot of discussion this week around Microsoft’s plans to fix an Internet Explorer 8 cross-site scripting problem. Microsoft will plug a hole in a built-in filter in IE8 that can be used to launch the very types of attacks on Web sites it was designed to help prevent. The company will update the IE cross-site scripting (XSS) filter in June to fix a hole that researchers warned about at last week’s Black Hat Europe conference. The researchers showed how problems with the filter could be used to inject malicious code onto sites including Google, Microsoft’s Bing search site and Twitter. Check out articles on this issue at CNET, Computerworld and ZDNet.
Cloud Faces Security Challenges
David Needle discusses whether cloud computing adoption is hurt by security issues, compliance concerns or just a poorly chosen name. These issues were recently raised during a panel on cloud security at the AlwaysOn OnDemand conference. Some of the panelists said the term ‘cloud’ has hurt the concept because it takes a business process and makes it sound “out there.” Others argued that it’s about governance and control issues. Security is a high concern for many companies, but it’s not the only reason they have not moved applications to the cloud yet.
10 Most Dangerous Web App Security Risks
As we mentioned earlier in the week, OWASP announced an update to its list of the most dangerous issues facing Web app developers. This slideshow presents the Top 10 vulnerabilities impacting Web applications and some advice from OWASP as to what Web developers and IT managers can do to stop these security threats.