Best of Application Security (Friday, Nov. 6)

Ten of Application Security industry's coolest, most interesting, important, and entertaining links from the past week -- in no particular order. Regularly released until year end. Then the Best of Application Security 2009 will be selected!

• Another fine method to exploit SQL Injection and bypass WAF
• Security and Facebook Platform
• When Is More Important Than Where in Web Application Security
• Apple - XSS Attack
• Cross-subdomain Cookie Attacks
• PILOT: Production in lieu of testing (AgoraCart FAIL)
• Facebook and MySpace security: backdoor wide open, millions of accounts exploitable
• SSL and TLS Authentication Gap vulnerability discovered
• Using Blended Browser Threats involving Chrome to steal files on your computer
• LinkedIN With 'Bill Gates'