Best of Application Security (Friday, Jan. 15)

Ten of Application Security industry's coolest, most interesting, important, and entertaining links from the past week -- in no particular order.

• Top Ten Web Hacking Techniques of 2009 (Official)
• Default https access for Gmail
• new static analyzer from Google
• Purported Interview With Facebook Employee Details Use Of ‘Master Password’
• Software testing firm says no to responsible disclosure
• Web-based systems vs. Advanced Persistent Threat
• The Three Domains of Application Security
• How to Use the Adobe JavaScript Blacklist Framework
• CSS History Knocker (sites you've visited)
• Threat Classification 'Cross Reference View' (TCv2.1 Inclusion Proposal