Best of Application Security (Friday, Oct. 30)

Ten of Application Security industry's coolest, most interesting, important, and entertaining links from the past week -- in no particular order. Regularly released until year end. Then the Best of Application Security 2009 will be selected!

• Detecting Malice eBook
• Black Box vs White Box. You are doing it wrong.
• The Barack Obama Donations Site was Hacked…err, no it wasn’t.
• New Q3'09 malware data, and the Dasient Infection Library
• Infrastructure fingerprinting via XSS
• DNS Rebinding in Firefox
• Output Validation using the OWASP ESAPI
• Google Wave as a Tool for Hacking
• Announcing the release of the Enhanced Mitigation Evaluation Toolkit
• Asset Valuation (couldn't settle on just one):

• Lindstrom's Razor
• A Grain of Salt for Digital Asset Values
• What is “Lindstrom’s Razor”?
• Information Asset Value: Some Cold-Hearted Calculations
• How to Value Digital Assets (Web Sites, etc.)
• On the value of ‘digital asset value’ for security decisions