Posted by on December 29, 2009 · Comments Off on OWASP Top 10 RC
Filed under: Security 

OWASP is getting ready to finalize a new Top 10 list for 2010. The request for comments ends on December 31, 2009. In the beta version, there are a few items worth noting about the new list. Injection vulnerabilities look like they will overtake the number one spot on the list. Here ...

Solving the Unknown

Posted by on December 16, 2009 · Comments Off on Solving the Unknown
Filed under: Uncategorized 

As a developer, I run into new things everyday.  I mostly work with Microsoft .Net technologies and it feels like an endless pit of information.  Most developer’s feel confident about what they know, and tend to leave the unknown alone until they need it.  Although I feel pretty knowledgeable about .Net, I have no problem ...

IE8 XSS Protection

Posted by on December 3, 2009 · Comments Off on IE8 XSS Protection
Filed under: Security 

While testing a cross site scripting vulnerability I ran into an interesting feature in Internet Explorer 8, the Cross Site Scripting filter.  I was surprised when the browser popped up this message: “Internet Explorer has modified this page to help prevent cross-site scripting.”  This really intrigued me, so I started looking at the source of ...