Jeremiah Grossman

CEO of Bit Discovery, Professional Hacker, Black Belt in Brazilian Jiu-Jitsu, Off-Road Race Car Driver, Founder of WhiteHat Security, and Maui resident.

Friday, April 16, 2010

Best of Application Security (Friday, Apr. 16)

Ten of Application Security industry's coolest, most interesting, important, and entertaining links from the past week -- in no particular order.
  • Apache Foundation Hit by Targeted XSS Attack + Internal investigation + Associated Atlassian breach
  • CSRF Isn’t A Big Deal - Duh!
  • Network Solutions Hack: Secure File Permissions Matter + Sucuri Analysis
  • OWASP RFP Criteria Project
  • IE 8 Security Features Could Be Turned Against Users + Slides & PoC
  • Next-Generation Clickjacking Attacks Revealed + Tool
  • Brokerage Firm Fined $375,000 for Unsecured Data
  • Researcher Uncovers (Another) Major Facebook Security Exploit
  • New Full Disclosure, Website Vulnerabilities Database
  • Chrome Phishing
  • 5 Reasons HTTPOnly won't save you
Posted by Jeremiah Grossman at 3:00 PM

Friday, April 09, 2010

Best of Application Security (Friday, Apr. 9)

Ten of Application Security industry's coolest, most interesting, important, and entertaining links from the past week -- in no particular order.
  • Microsoft SDL version 5
  • Force.com Secure Cloud Development
  • Stroke triggered XSS and StrokeJacking
  • German Government Pays Hacker For Stolen Bank Account Data
  • CAPEC-333: WASC Threat Classification 2.0
  • WAF Confusion Continues
  • Serious New Java Flaw Affects All Current Versions of Windows + Advisory
  • Safari Integer Overflow Aids Inter Protocol Exploitation
  • OWASP AIR + Flash Security Projects
  • Prion 1.1 - Polymorphic XSS Worm
Posted by Jeremiah Grossman at 2:00 PM

Friday, April 02, 2010

Best of Application Security (Friday, Apr. 2)

Ten of Application Security industry's coolest, most interesting, important, and entertaining links from the past week -- in no particular order.
  • Mozilla: Plugging the CSS History Leak
  • $43m slot machine win a 'mistake' says Colorado casino
  • OWASP Podcast: Ed Bellis (eCommerce) #63 and Andy Ellis (Availability) #64
  • Web application scanning with skipfish
  • Should the Government Stop Outsourcing Code Development?
  • Journalists in China say Yahoo accounts hacked
  • WASC Web Hacking Incident Database Project Update
  • I’m in ur 4sq, snarfin ur password — Part II
  • How Facebook is Adding an Identity Layer to the Internet
  • Firefox 3.6 FileAPI Exif Injection
Posted by Jeremiah Grossman at 1:00 PM

About Me

Jeremiah Grossman
Jeremiah Grossman's career spans nearly 20 years and has lived a literal lifetime in computer security to become one of the industry's biggest names. He has received a number of industry awards, been publicly thanked by Microsoft, Mozilla, Google, Facebook, and many others for his security research. Jeremiah has written hundreds of articles and white papers. As an industry veteran, he has been featured in hundreds of media outlets around the world. Jeremiah has been a guest speaker on six continents at hundreds of events including many top universities. All of this was after Jeremiah served as an information security officer at Yahoo!