Best of Application Security (Friday, Dec. 25)

Ten of Application Security industry's coolest, most interesting, important, and entertaining links from the past week -- in no particular order.

• Web-Based Worms: How XSS Is Paving the Way for Future Malware
• Best Security Improvements in 2009?
• Securing tomcat
• Microsoft IIS vuln leaves users open to remote attack
• My Gmail Account and Google Apps Got Hacked
• Is code auditing of open source apps necessary before deployment?
• An Unpleasant Anniversary: 11 Years of SQL Injection
• Bypassing the intent of blocking "third-party" cookies
• Serious web vuln found in 8 million Flash files
• BSIMM Data Show an SSG is a Software Security Necessity