Best of Application Security (Friday, Feb. 5)

Ten of Application Security industry's coolest, most interesting, important, and entertaining links from the past week -- in no particular order.

• Accuracy and Time Costs of Web Application Security Scanner Report
• The Web won’t be safe, let alone secure, unless we break it
• Why don't websites default to SSL/TLS?
• RFI List in Burp Suite
• Web 2.0 Pivot Attacks
• Building Secure Applications with HTML 5: What is Happening and Where?
• Mozilla Accepts Chinese CNNIC Root CA Certificate
• SDL for dummies
• XSS, SQL Injection and Fuzzing Barcode Cheat Sheet
• Microsoft CAT.NET 2.0 - Beta