Have you heard of RFC 9116? If not, I understand. I don't really know anything by RFC numbering and that is ok. RFC 9116 is a document put out by the Internet Engineering Task Force (IETF) related to vulnerability disclosure. It is important to note that this is not a standard, but for informational purposes only. So what does it do? The focus of this document is on the security.txt file and the format of it. Security.txt is a simple text file that helps an organization describe their … [Read more...] about Security.txt for Vulnerability Disclosure
vulnerability disclosure
Ep. 102: Intro to Web Security Policies
In this episode James introduces us to the idea of web security policies stored in a security.txt file. We have talked about vulnerability disclosure before and this ties directly into that conversation. Link to Draft: https://tools.ietf.org/html/draft-foudil-securitytxt-03 Link to form to create the file: https://securitytxt.org/ Link to our blog post: https://www.developsec.com/2018/06/26/overview-of-web-security-policies/ For more info go to https://www.developsec.com or follow us on … [Read more...] about Ep. 102: Intro to Web Security Policies
Thinking about starting a bug bounty? Do this first.
Application security has become an important topic within our organizations. We have come to understand that the data that we deem sensitive and critical to our business is made available through these applications. With breaches happening all the time, it is critical to take reasonable steps to help protect that data by ensuring that our applications are implementing strong controls. Over the years, testing has been the main avenue for "implementing" security into applications. We have seen a … [Read more...] about Thinking about starting a bug bounty? Do this first.