WASSEC is Released (Tom Stripling): Version 1 of WASSEC (Web Application Security Scanner Evaluation Criteria) is (finally) out! I'm not going to say which section I wrote...
Mozilla to release Content Security Policy (Tom Stripling): Robert Hansen (RSnake) and others have been working with Mozilla for years to develop a working solution to the problem of user-submitted a...
CSRF Tokens (Tom Stripling): One of the many interesting discussions at Defcon recently was a discussion of CSRF by Mike Bailey and Russ McRee. They talked about a var...
A Quick View State Review (Eric Anders): It's been seven years now since the release of the first .NET framework. Throughout all that time there are few aspects of the framework...
Defcon Wrapup (Tom Stripling): The team has returned from Defcon unscathed. Well, maybe only slightly scathed. We caught several really great presentations. Watch this ...
Security PS On Twitter (Kris Drent, CISSP): For all you Twitter fans out there, you can check out what we're up to at Security PS by following us on Twitter: http://twitter.com/Sec...
DeMystifying CFINSERT SQL Injection (Michael Hanchak): Not much has been said about the security of Adobe ColdFusion cfinsert and cfupdate tags. These functions transform input from a POST reque...
Microsoft !exploitable Crash Analyzer (Michael Hanchak): Recently at CanSecWest 2009, Microsoft released their internal !exploitable Crash Analyzer to the general public using their Microsoft Publi...
Security PS Adds Team Members In Kansas City (Kris Drent, CISSP): Continuing with more news of growth and expansion, we've added a small army of new team members in the Kansas City location. Welcome t...
Google Client Redirection Vulnerability (Tom Stripling): As a part of its search functionality, Google creates redirection links that send users to other sites on the Internet. Although the search...
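The post above only says that Google's search redirector forwards users to other sites; it does not describe the specific weakness. As an added example (not code from the post and not Google's implementation), the block below shows the two controls a practitioner would reach for with any redirect endpoint: an allow-list check for an ordinary application, which also handles the usual bypass shapes (protocol-relative `//host`, backslashes, userinfo tricks, look-alike subdomains, non-http schemes), and HMAC-signed links for a search-style redirector that must legitimately send users anywhere and so should only follow links it generated itself. The hosts, key and URLs are constructed for the demonstration.

```python
"""Two ways to keep a redirect endpoint from becoming an open redirector.

Added example, not code from the blog post or from Google.
safe_redirect_target() is the allow-list approach for an ordinary
application; sign_target()/verify_signed_target() is the signed-link
approach for a redirector that must be able to send users to any site.
Hosts, key and URLs are constructed for the demonstration.
"""
import hashlib
import hmac
from urllib.parse import urlsplit

DEFAULT = "/"   # where the user goes when the requested target is refused


def safe_redirect_target(url, allowed_hosts, default=DEFAULT):
    """Return url if it is a same-site path or an http(s) URL whose host is
    in allowed_hosts (lower-case entries); otherwise return default."""
    if not url:
        return default
    # Browsers treat a backslash like a slash, so "/\evil.example" would be
    # followed as "//evil.example"; normalise before parsing.
    candidate = url.replace("\\", "/")
    try:
        parts = urlsplit(candidate)
    except ValueError:
        return default
    if parts.scheme == "" and parts.netloc == "":
        # Relative target on this origin. "//host" is protocol-relative and
        # therefore absolute; urlsplit already puts the host in netloc, but
        # the explicit check keeps the intent obvious.
        if candidate.startswith("/") and not candidate.startswith("//"):
            return candidate
        return default
    if parts.scheme not in ("http", "https"):
        return default   # javascript:, data:, ftp: and friends
    # .hostname drops userinfo ("www.google.com@evil.example" -> evil.example)
    # and the port, and lower-cases, so we compare the real host only, and
    # exactly: "www.google.com.evil.example" is not "www.google.com".
    host = parts.hostname
    if host is None or host not in allowed_hosts:
        return default
    return candidate


def sign_target(url, key):
    """HMAC tag a redirector attaches to each link it generates."""
    return hmac.new(key, url.encode("utf-8"), hashlib.sha256).hexdigest()


def verify_signed_target(url, tag, key, default=DEFAULT):
    """Follow url only if tag proves this redirector minted the link.
    Constant-time comparison so the tag check is not a timing oracle."""
    expected = sign_target(url, key).encode("utf-8")
    if hmac.compare_digest(expected, tag.encode("utf-8")):
        return url
    return default


if __name__ == "__main__":
    allowed = {"www.google.com"}            # constructed allow-list
    for u in ["/search?q=x", "https://www.google.com/maps",
              "//evil.example/", "https://www.google.com@evil.example/",
              "https://www.google.com.evil.example/", "javascript:alert(1)"]:
        print("%-45s -> %s" % (u, safe_redirect_target(u, allowed)))
    key = b"constructed-demo-key"
    tag = sign_target("https://example.org/", key)
    print(verify_signed_target("https://example.org/", tag, key))
    print(verify_signed_target("https://evil.example/", tag, key))
```

The allow-list compares the parsed host, not a string prefix, which is what defeats the `trusted.example@evil.example` and `trusted.example.evil.example` shapes. The signed-link variant shifts the trust from "where is the user going" to "did we produce this link", which is the only workable model when the legitimate target set is the whole web.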
Twitter XSS/XSRF Worm (Tom Stripling): Over the weekend, Twitter was attacked by a JavaScript-based worm that spreads by using a cross-site request forgery (XSRF) attack to updat...
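Both the CSRF Tokens post and the Twitter worm post above turn on the same control: a state-changing request must carry a secret the cross-site attacker cannot obtain, since the browser attaches the session cookie to a forged request on its own. The block below is an added example of the synchronizer-token pattern in plain Python, not code from either post and not Twitter's implementation; the session store, the `handle_post()` endpoint and the forged "status update" are constructed stand-ins for a real web framework and a real worm payload.

```python
"""Synchronizer-token CSRF protection, modelled in plain Python.

Added example, not code from the blog posts or from any real site.
SESSIONS and handle_post() are constructed stand-ins for a framework's
session store and a state-changing endpoint such as a status update.
"""
import hmac
import secrets

# Constructed in-memory session store: session id -> session data.
SESSIONS = {}


def new_session():
    """Start a session and mint an unguessable CSRF token bound to it."""
    sid = secrets.token_urlsafe(16)
    SESSIONS[sid] = {"csrf_token": secrets.token_urlsafe(32), "status": ""}
    return sid


def hidden_field(sid):
    """The hidden input a same-origin page embeds in its form."""
    token = SESSIONS[sid]["csrf_token"]
    return '<input type="hidden" name="csrf_token" value="%s">' % token


def handle_post(cookies, form):
    """State-changing endpoint; returns (http_status, message).

    The browser attaches the session cookie to cross-site requests on its
    own, so the cookie proves nothing about which page built the request.
    The token is only obtainable by a page on our origin (a forged request
    cannot read the response that carries it), so a matching token shows
    the request came from our own form.
    """
    session = SESSIONS.get(cookies.get("session"))
    if session is None:
        return 401, "no session"
    supplied = form.get("csrf_token", "")
    # Constant-time comparison so the check is not a timing oracle.
    if not hmac.compare_digest(session["csrf_token"].encode("utf-8"),
                               supplied.encode("utf-8")):
        return 403, "csrf token missing or invalid"
    session["status"] = form.get("status", "")
    return 200, "status updated"


def simulate():
    """Constructed scenario: a worm-style forged post versus a real one."""
    sid = new_session()
    cookies = {"session": sid}          # what the victim's browser sends
    # A cross-site page can trigger the request with the cookie attached,
    # but has no way to learn the victim's token, so it sends none.
    forged = handle_post(cookies, {"status": "I got infected"})
    # Our own page reads the token from the hidden field it was served.
    token = SESSIONS[sid]["csrf_token"]
    genuine = handle_post(cookies, {"status": "hello", "csrf_token": token})
    return forged, genuine


if __name__ == "__main__":
    print(hidden_field(new_session()))
    print(simulate())
```

The token is tied to the session rather than to a user name or a timestamp, so a worm that has already obtained one victim's token gains nothing against the next victim. Where the site also has a cross-site scripting bug, as the worm post's title suggests, script running on the origin can read the hidden field and the token no longer helps; CSRF tokens assume the XSS problem is solved separately.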
Google Gadget Login Forms = Not Good (Tom Stripling): If you're not familiar with iGoogle (www.google.com/ig), it's a Google service that allows you to create customizable home pages by ...
OWASP Access Controls Presentation (Eric Anders): A few weeks ago I gave a presentation at our local OWASP chapter on the current state of access controls. We see access control problems t...
ISSA Kansas City (Tom Stripling): After a very close election (in which I ran uncontested), I have been re-elected as President of the Kansas City Chapter of ISSA. If you...
Collegiate Cyber Defense Competition (Tom Stripling): The consulting team headed up to Iowa State for the national Cyber Defense Competition last weekend. It's a pretty cool idea. There ar...