- Apache Foundation Hit by Targeted XSS Attack + Internal investigation + Associated Atlassian breach
- CSRF Isn’t A Big Deal - Duh!
- Network Solutions Hack: Secure File Permissions Matter + Sucuri Analysis
- OWASP RFP Criteria Project
- IE 8 Security Features Could Be Turned Against Users + Slides & PoC
- Next-Generation Clickjacking Attacks Revealed + Tool
- Brokerage Firm Fined $375,000 for Unsecured Data
- Researcher Uncovers (Another) Major Facebook Security Exploit
- New Full Disclosure, Website Vulnerabilities Database
- Chrome Phishing
- 5 Reasons HTTPOnly won't save you
Venture capitalist (Grossman Ventures https://grossman.vc), Internet protector and industry creator. Founded WhiteHat Security & Bit Discovery. BJJ Black Belt.
Friday, April 16, 2010
Best of Application Security (Friday, Apr. 16)
Ten of the Application Security industry's coolest, most interesting, important, and entertaining links from the past week -- in no particular order.
Friday, April 09, 2010
Best of Application Security (Friday, Apr. 9)
Ten of the Application Security industry's coolest, most interesting, important, and entertaining links from the past week -- in no particular order.
- Microsoft SDL version 5
- Force.com Secure Cloud Development
- Stroke triggered XSS and StrokeJacking
- German Government Pays Hacker For Stolen Bank Account Data
- CAPEC-333: WASC Threat Classification 2.0
- WAF Confusion Continues
- Serious New Java Flaw Affects All Current Versions of Windows + Advisory
- Safari Integer Overflow Aids Inter Protocol Exploitation
- OWASP AIR + Flash Security Projects
- Prion 1.1 - Polymorphic XSS Worm
Friday, April 02, 2010
Best of Application Security (Friday, Apr. 2)
Ten of the Application Security industry's coolest, most interesting, important, and entertaining links from the past week -- in no particular order.
- Mozilla: Plugging the CSS History Leak
- $43m slot machine win a 'mistake' says Colorado casino
- OWASP Podcast: Ed Bellis (eCommerce) #63 and Andy Ellis (Availability) #64
- Web application scanning with skipfish
- Should the Government Stop Outsourcing Code Development?
- Journalists in China say Yahoo accounts hacked
- WASC Web Hacking Incident Database Project Update
- I’m in ur 4sq, snarfin ur password — Part II
- How Facebook is Adding an Identity Layer to the Internet
- Firefox 3.6 FileAPI Exif Injection