I published the following diary on isc.sans.edu: “Compromized Desktop Applications by Web Technologies”: For a long time now, it has been said that “the new operating system is the browser”. Today, we do everything in our browsers: we connect to the office, we process emails, documents, we chat, we perform
Tag: Web
May 2011 OWASP/ISSA Belgium Meeting Wrap-up
Tonight, a joint OWASP and ISSA Belgium Chapters meeting was held with three speakers. Very interesting content; here is a small wrap-up in “bullet-point” mode due to a lack of free time… The first speaker, Tom Van Der Mussele from Verizon Business, spoke about “non-conventional attacks”. Tom explained that those
My OSSEC DashBoard
For a while, I was looking for a good solution to display my OSSEC server status in (near) real time. For most of us, the classic log file monitoring tool still remains based on the “tail | grep | awk | less” commands. If it perfectly catches the events you
Pirate-moi.com
An interesting initiative from a small team of French guys active in information security. They are organizing an online contest called “Pirate-Moi” (“Hack Me”). The purpose is pretty much the same as a classical CTF (“Capture The Flag”) contest held during security conferences: to hack a system! In this case, the
Searching for Sensitive Data Using URL Shorteners
URL shorteners are online services which reduce the length of URLs. Web applications are more and more complex and their URLs can have multiple parameters like pages, session IDs and much more. At the same time, we use services which limit message size (like Twitter) or devices (like smartphones) which
Message to Web Developers: OWASP Top10 2010 is Out!
If you are not aware of this news, OWASP released yesterday its annual Top-10 Web Application Vulnerability Risks. I won’t list them again here; a lot of security bloggers already did it in the hours following the official press release. Instead, I checked if the news was also relayed by