Web security content moving to new WhiteHat Security corp blog

Many of you have noticed I haven’t been blogging in several weeks. The truth is I have been blogging, just not here! For those that missed the announcement, WhiteHat Security recently launched a new corporate blog, featuring over a half dozen other WhiteHat bloggers in addition to myself. To support and intermingle with other exceptionally solid posts, I’ve been directing my Web security content over there. If you review the archives you'll find cool stuff on scaling CSRF identification, DOM-based XSS, Bypassing CSRF tokens with a Flash 0-day, etc.

Here are some of my most recent posts that you may have missed:

• Mythbusting: Static Analysis Software Testing – 100% Code Coverage
• PROTIP: Security as a Differentiator
• PROTIP: Publish Security Scoreboards Internally
• Recent SQL Injection Hacks – Things You Should Know
• If You Want to Improve Something, Measure It
• An Incident Is a Terrible Thing to Waste (even those of others)
• (CYA) Cover Your Applications – All of Them
• The Necessity of Compliance Alone Is Insufficient for Justifying Security Investment
• Theory: Google will open source their Web server — or should
• Are 20% of developers responsible for 80% of the vulnerabilities?

See! I have been blogging. :) Consider updating your RSS feeds.

I'll continue posting here, only at a much lower volume, and exclusively about personal things like my adventures in Brazilian Jiu-Jitsu.