Best of Application Security (Friday, Sep. 4)

Ten of Application Security industry's coolest, most interesting, important, and entertaining links from the past week -- in no particular order. Regularly released until year end. Then the Best of Application Security 2009 will be selected!

• Cross-protocol XSS with non-standard service ports
• Flash Cookie Forensics
• apache.org incident report for 8/28/2009
• Microsoft IIS 5/6 FTP 0Day released
• UK Parliament website hack exposes shoddy passwords
• Outsourcing and Top-Line Security Budget Justification
• Production-Safe Website Scanning Questionnaire
• Revealing Facebook Application XSS Holes
• Flaw In Sears Website Left Database Open To Attack
• Pwning Opera Unite with Inferno’s Eleven