Apr 21, 2011

"You may be familiar with the Emerging Threats project. They have a few Snort rules files related to known web application vulnerabilities and attacks:

* emerging-web_server.rules
* emerging-web_specific_apps.rules"

modsecurity security infosec web ids snort

Apr 20, 2011

"GooDiff is a service for automated tracking of semantic changes in web service policies."

web privacy policy

Apr 18, 2011

"The Tangled Web is my second book, and a lovingly crafted guide to the world of browser security. This is an overcrowded market, but there are two reasons why you may want to care."

books security web webapps infosec

Apr 13, 2011

"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware."

mozilla web csp security xss browser

Apr 12, 2011

"Exactly one year ago, we launched a new version of the Google document editor, created from the ground up to take advantage of the latest capabilities in modern web browsers like Chrome. In particular, we baked in a way of supporting text features that aren’t natively included with browsers—for example, we added a ruler for controlling the margins, text that wraps around images to create eye-catching docs and discussions for a more collaborative editing experience."

google web cloud apps

Apr 8, 2011

"After a few months of back and forth, the first stage of our HTTP Header research is now live on the Shodan website."

security web shodan xss browser

Apr 6, 2011

"This is a follow-up post to ModSecurity Advanced Topic of the Week: Malware Link Detection in which we will highlight a new capability within ModSecurity v2.6 that allows for removal of data within response bodies."

infosec security malware modsecurity web

Mar 28, 2011

Proving that no website is ever truly secure, it is being reported that MySQL.com has succumbed to a SQL injection attack.

security web sql sql injection mysql

Mar 25, 2011

Although the Firefox team has an entire page on the mozilla.com website dedicated to the new security features in Firefox 4, they seem to have forgotten to mention HTTP Strict Transport Security (HSTS).

browser mozilla firefox chrome web hsts

GIAC is launching a new certification for developers and application security professionals involved in defending web applications.

infosec security web webapps certifications

Mar 11, 2011

Microsoft says the vulnerability used by researcher Stephen Fewer to exploit Internet Explorer 8 has already been fixed in the RC and RTM versions of Internet Explorer 9.

cansecwest pwn2own microsoft browser web security

Mar 9, 2011

The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications.

pentesting security owasp infosec web webapps software

Mar 7, 2011

Google is always looking for new ways to make it easier for developers to get started with our APIs. When you come across a new Google API, you often want to try it out without investing too much time. With that in mind, we are happy to announce the Google APIs Explorer, an interactive tool that lets you easily try out Google APIs right from your browser.

google api programming web software

Feb 24, 2011

As a second-generation Indian who has grown up in the United States, I’ve developed a taste for great home-cooked Indian food, but not a knack for how to make it. Somehow my cooking efforts result in foods that taste over-spiced yet bland at the same time. My parents follow the art of cooking by intuition, where the right amount of each spice is measured out by gut feel, but that’s never worked very well for me.

google food recipe web

Feb 23, 2011

As a web developer you’re always told you need to keep up to date on the latest and greatest technologies. Usually this is for creating applications which can take advantage of new technologies to deliver a better experience to your users. However, I think there is another angle to this, in particular; Code Rot.

security infosec web webapps

Feb 22, 2011

Security researchers have set up a site designed to prod social networking websites into practising what they preach about web security.

security infosec web social media

Feb 10, 2011

Google just launched two-step verification for all Google accounts, a system which makes your Google/Gmail account—the account possibly containing the lion's share of your private communication online—considerably more secure.

google gmail web privacy security

Jan 31, 2011

Cross-site scripting (XSS) errors are responsible for more than half of all web application vulnerabilities[1]. So, in this age of accountability and expectations for secure, high quality software, what’s being done about it?

security web webapps xss infosec
