funsec mailing list archives

Re: Eight reasons why website vulnerabilities are not fixed


From: "Hubbard, Dan" <dhubbard () websense com>
Date: Thu, 7 May 2009 09:08:26 -0700

My addition:

"Security abstracted from process"

You would be surprised how many companies we contact who have been breached who respond with:

"we did not know that site existed"
"looks like that is hosted on some 3rd party server (damn marketing!)"
"that is not our site...wait a minute it turns out it is"
"port 80 isn't enough security"?


-----Original Message-----
From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org] On Behalf Of Juha-Matti Laurio
Sent: Thursday, May 07, 2009 6:44 AM
To: funsec () linuxbox org
Subject: [funsec] Eight reasons why website vulnerabilities are not fixed

Very good points:
http://jeremiahgrossman.blogspot.com/2009/05/8-reasons-why-website-vulnerabilities.html

Comments are worth reading too.

Juha-Matti
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

