Version 1 of WASSEC (Web Application Security Scanner Evaluation Criteria) is (finally) out! I'm not going to say which section I wrote...
Mozilla to release Content Security Policy
Robert Hansen (RSnake) and others have been working with Mozilla for years to develop a working solution to the problem of user-submitted a...
CSRF Tokens
One of the many interesting discussions at Defcon recently was a discussion of CSRF by Mike Bailey and Russ McRee. They talked about a var...
A Quick View State Review
It's been seven years now since the release of the first .NET framework. Throughout all that time there are few aspects of the framework...
Defcon Wrapup
The team has returned from Defcon unscathed. Well, maybe only slightly scathed. We caught several really great presentations. Watch this ...
Security PS On Twitter
For all you Twitter fans out there, you can check out what we're up to at Security PS by following us on Twitter: http://twitter.com/Sec...
DeMystifying CFINSERT SQL Injection
Not much has been said as to the security of Adobe ColdFusion cfinsert and cfupdate tags. These functions transform input from a POST reque...
Microsoft !exploitable Crash Analyzer
Recently at CanSecWest 2009, Microsoft released their internal !exploitable Crash Analyzer to the general public using their Microsoft Publi...
Security PS Adds Team Members In Kansas City
Continuing with more news of growth and expansion, we've added a small army of new team members in the Kansas City location. Welcome t...
Google Client Redirection Vulnerability
As a part of its search functionality, Google creates redirection links that send users to other sites on the Internet. Although the search...
Twitter XSS/XSRF Worm
Over the weekend, Twitter was attacked by a JavaScript-based worm that spreads by using a cross-site request forgery (XSRF) attack to updat...
Google Gadget Login Forms = Not Good
If you're not familiar with iGoogle (www.google.com/ig), it's a Google service that allows you to create customizable home pages by ...
OWASP Access Controls Presentation
A few weeks ago I gave a presentation at our local OWASP chapter on the current state of access controls. We see access control problems t...
ISSA Kansas City
After a very close election (in which I ran uncontested), I have been re-elected as President of the Kansas City Chapter of ISSA. If you...
Collegiate Cyber Defense Competition
The consulting team headed up to Iowa State for the national Cyber Defense Competition last weekend. It's a pretty cool idea. There ar...
Subscribe to:
Posts
(
Atom
)