Best of Application Security (Friday, Jan. 1)

Ten of Application Security industry's coolest, most interesting, important, and entertaining links from the past week -- in no particular order.

• My Personal Security Guiding Principles
• Popup & Focus URL Hijacking
• Exploiting Microsoft IIS with Metasploit
• Results of Investigation into Holiday IIS Claim
• Cryptographic Storage Cheat Sheet
• WAF vs IPS (or Four Things Your IPS Can’t Do)
• Generic cross-browser cross-domain theft
• Twitter bans obvious passwords
• Web Attacks and Defenses that Could Affect Users in 2010
• SQL Injection Resources