Best of Application Security (Friday, Apr. 16)

Ten of Application Security industry's coolest, most interesting, important, and entertaining links from the past week -- in no particular order.

• Apache Foundation Hit by Targeted XSS Attack + Internal investigation + Associated Atlassian breach
• CSRF Isn’t A Big Deal - Duh!
• Network Solutions Hack: Secure File Permissions Matter + Sucuri Analysis
• OWASP RFP Criteria Project
• IE 8 Security Features Could Be Turned Against Users + Slides & PoC
• Next-Generation Clickjacking Attacks Revealed + Tool
• Brokerage Firm Fined $375,000 for Unsecured Data
• Researcher Uncovers (Another) Major Facebook Security Exploit
• New Full Disclosure, Website Vulnerabilities Database
• Chrome Phishing
• 5 Reasons HTTPOnly won't save you