How to Protect Your Website From XSS Vulnerabilities With IBM Application Security

By Erwin Friethoff

Application security practices and tools can help ensure that embarrassing and costly vulnerabilities are shut out of your website or app.

Almost everything can be done online nowadays, and even some of the oldest professions in the world are modernizing and moving to the Web. Application security is becoming more and more important with the online enablement of all kinds of new services.

Since everyone and everything is online, the Dutch government decided that one of the basics of a modern society — law and order — should be facilitated through online channels as well. For example, when a lawyer wants to start a procedure, he or she can do so digitally. Proponents argued that it was good for speed and better for the environment.

The website has been modernized and, next to publishing court decisions, a lawyer or legal representative can launch a new case and upload the accompanying documents. Since it is run by the government, one would expect that the application security would be top-notch, right?

A Big Team, Lots of Money and an XSS Vulnerability

A new user experience, a new, up-to-date design, case manager tooling — the website had it all. Highly skilled people worked on the site for years, at the cost of millions of euros, so it was expected to be the best and most secure government website yet produced. Think again: within a couple of days, an ethical hacker found a DOM-based cross-site scripting (XSS) vulnerability.

According to OWASP, a DOM-based XSS attack occurs when the payload is executed by changing the DOM environment in the victim’s browser, which causes page code to operate differently.

A DOM-based XSS vulnerability is one of the vulnerabilities named in the OWASP Top 10, a powerful awareness document for Web application security. It represents a broad consensus about what the most critical flaws are — and these vulnerabilities tend to be present in many applications.
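As an added illustration (not code from the article, from the Dutch court website, or from IBM AppScan), the JavaScript below shows the shape of a DOM-based XSS bug of the kind described above: a value read from the URL fragment (the source) is written into the page with innerHTML (the sink), so the browser parses it as markup. The same function is then shown rewritten with textContent, and with HTML escaping for the case where surrounding markup is genuinely needed. The element and the hash are passed in as parameters so the code also runs in Node with a stub element; the greeting page, the function names and the sample fragment are all constructed for this example.

```javascript
// Added example (not from the article): a DOM-based XSS sink and two fixes.
// The greeting functions read a name from the URL fragment (a source) and
// write it into the page (a sink). Element and hash are parameters so the
// same code runs in a browser (document.getElementById, location.hash) or
// in Node with a stub element.

// Minimal HTML entity escaping for text placed into an HTML element context.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  })[c]);
}

// Fragment looks like "#name=Erwin". decodeURIComponent turns %3C back into
// "<", so whatever was typed in the address bar reaches the sink unchanged.
function nameFromHash(hash) {
  const m = /^#?name=(.*)$/.exec(hash || '');
  return m ? decodeURIComponent(m[1]) : 'guest';
}

// VULNERABLE: untrusted text reaches innerHTML and is parsed as markup.
// The fragment is never sent to the server, so a server-side filter or WAF
// cannot see this input; that is what makes the bug DOM-based.
function greetVulnerable(el, hash) {
  el.innerHTML = 'Welcome, ' + nameFromHash(hash);
  return el.innerHTML;
}

// FIXED: textContent creates a text node; the string is never parsed as HTML.
function greetFixed(el, hash) {
  el.textContent = 'Welcome, ' + nameFromHash(hash);
  return el.textContent;
}

// FIXED (markup needed): escape the untrusted part before concatenation.
function greetEscaped(el, hash) {
  el.innerHTML = '<b>Welcome, ' + escapeHtml(nameFromHash(hash)) + '</b>';
  return el.innerHTML;
}

// Stub element (constructed for the demo) that only records which sink was
// written; a real DOM would additionally parse whatever lands in innerHTML.
function stubElement() {
  return { innerHTML: '', textContent: '' };
}

// Constructed sample fragment: inert as text, active once parsed as markup.
const SAMPLE_HASH = '#name=%3Cimg%20src%3Dx%20onerror%3Dalert(1)%3E';

if (typeof document === 'undefined') {
  console.log('vulnerable sink receives:', greetVulnerable(stubElement(), SAMPLE_HASH));
  console.log('fixed sink receives:     ', greetFixed(stubElement(), SAMPLE_HASH));
  console.log('escaped sink receives:   ', greetEscaped(stubElement(), SAMPLE_HASH));
}
```

In a browser the call would be greetFixed(document.getElementById('greeting'), location.hash). Because the fragment never leaves the browser, only client-side review or a scanner that exercises the page's own JavaScript will find this class of bug, which is why avoiding HTML-parsing sinks (innerHTML, document.write, eval and friends) for untrusted data is the primary control.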

How Application Security Could Have Helped

Could this have been prevented? The answer is yes! But what steps should have been taken to ensure that the vulnerability did not exist in the first place?

To enable clients to prevent these kinds of exploits and vulnerabilities, IBM provides the AppScan portfolio. IBM AppScan scans source code and Web applications for vulnerabilities. It reports on known issues, giving advice on how to repair them and how to prevent them from being exploited. The video below shows how the IBM AppScan XSS Analyzer optimizes the success of the scan.


Source: How to Protect Your Website From XSS Vulnerabilities With IBM Application Security

X5000 AmigaOne Update

AmigaOne X5000 Update

(Photo: X5000 mainboard testing, Alex Perez in Cardiff)

I’ve received numerous enquiries about the availability of the AmigaOne X5000 system. As you probably know, the Cyrus boards have been in stock for quite some time, with new shipments of boards arriving from Ultra Varisys almost weekly. We are just waiting for the final release version of AmigaOS 4.1 from Hyperion Entertainment and then we will be good to start shipping new AmigaOne X5000/20 systems.

(Photo: X5000 mainboards stacked)

As with the AmigaOne X1000 “First Contact” system, we will release an “early bird” model, this time entitled “Close Encounters”, which will be supplied with the first version of AmigaOS 4.1 specifically configured by Hyperion Entertainment for the AmigaOne X5000.

(Photo: The growing tower of Cyrus)

Again, as with the AmigaOne X1000, regular updates of X5000-specific drivers and other software bug fixes will be released for download as soon as they become available. So if you are an experienced Amigan and like to tinker with your AmigaOS installation, then the “Close Encounters” release of the AmigaOne X5000 is definitely one for you.

Matthew has promised that the “registration of interest” page will go live soon. So Matthew & Hyperion Entertainment, it’s now over to you. No pressure, boys.

Source: Trevor’s Amiga Blog

AEROS for the Raspberry Pi 1 / 2 and 3


Give your Raspberry Pi that good old Amiga Look and feel, and transform it into a Real fast Workstation!

What is AEROS? AEROS is a hybrid distribution of AROS (www.aros.org) and Linux (currently Debian 6.0 is used for x86 and 7.0 for ARM), available for ARM and x86 systems. If there is enough interest we can also start a PPC branch. The audience may decide ; )


To see AEROS running, here is a video from the developer Pascal Papara.

Source: AEROS

BlackBerry Priv officially launched in Malaysia with a retail price of RM3,559 | CrackBerry.com

Adding another region to the growing list of areas in which Priv is available, BlackBerry has now officially launched the device in Malaysia. Customers looking to pick up a Priv can now preorder the device through 11street, with special offers in place if you’re quick. The first 60 customers who preorder through 11street will be able to purchase Priv at a discounted price of MYR 3,388.

Source: BlackBerry Priv officially launched in Malaysia with a retail price of RM3,559 | CrackBerry.com

BLACKBERRY NAMED A LEADER IN EMM

BES12 and Good Powered by BlackBerry scored among the highest in the following criteria:

Telecom & Expense Management
Containerization
Data Management & Security
Secure Productivity Apps
Workforce Technology Roadmap
Roadmap Aggressiveness
Install Base
Global Presence
Network Security
Reporting & Analytics
App Management
App Security
Enterprise App Store Experience
Revenue

Source: BlackBerry