Apr 21, 11

"You may be familiar with the Emerging Threats project. They have a few Snort rules files related to known web application vulnerabilities and attacks:

* emerging-web_server.rules
* emerging-web_specific_apps.rules"

Apr 20, 11

"GooDiff is a service for automated tracking of semantic changes in web service policies."

Apr 18, 11

"The Tangled Web is my second book, and a lovingly crafted guide to the world of browser security. This is an overcrowded market, but there are two reasons why you may want to care."

Apr 13, 11

"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware."

Apr 12, 11

"Exactly one year ago, we launched a new version of the Google document editor, created from the ground up to take advantage of the latest capabilities in modern web browsers like Chrome. In particular, we baked in a way of supporting text features that aren’t natively included with browsers—for example, we added a ruler for controlling the margins, text that wraps around images to create eye-catching docs and discussions for a more collaborative editing experience."

Apr 08, 11

"After a few months of back and forth, the first stage of our HTTP Header research is now live on the Shodan website."

Apr 06, 11

"This is a follow-up post to ModSecurity Advanced Topic of the Week: Malware Link Detection in which we will highlight a new capability within ModSecurity v2.6 that allows for removal of data within response bodies."

Mar 28, 11

Proving that no website is ever truly secure, it is being reported that has succumbed to a SQL injection attack.

Mar 25, 11

Although the Firefox team has an entire page on the website dedicated to the new security features in Firefox 4, they seem to have forgotten to mention HTTP Strict Transport Security (HSTS).

Mar 25, 11

GIAC is launching a new certification for developers and application security professionals involved in defending web applications.

Mar 11, 11

Microsoft says the vulnerability used by researcher Stephen Fewer to exploit Internet Explorer 8 has already been fixed in the RC and RTM versions of Internet Explorer 9.

Mar 09, 11

The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications.

Mar 07, 11

Google is always looking for new ways to make it easier for developers to get started with our APIs. When you come across a new Google API, you often want to try it out without investing too much time. With that in mind, we are happy to announce the Google APIs Explorer, an interactive tool that lets you easily try out Google APIs right from your browser.

Feb 24, 11

As a second-generation Indian who has grown up in the United States, I’ve developed a taste for great home-cooked Indian food, but not a knack for how to make it. Somehow my cooking efforts result in foods that taste over-spiced yet bland at the same time. My parents follow the art of cooking by intuition, where the right amount of each spice is measured out by gut feel, but that’s never worked very well for me.

Feb 23, 11

As a web developer you’re always told you need to keep up to date on the latest and greatest technologies. Usually this is for creating applications which can take advantage of new technologies to deliver a better experience to your users. However, I think there is another angle to this, in particular: Code Rot.

Feb 22, 11

Security researchers have set up a site designed to prod social networking websites into practising what they preach about web security.

Feb 10, 11

Google just launched two-step verification for all Google accounts, a system which makes your Google/Gmail account—the account possibly containing the lion's share of your private communication online—considerably more secure.

Jan 31, 11

Cross-site scripting (XSS) errors are responsible for more than half of all web application vulnerabilities1. So, in this age of accountability and expectations for secure, high quality software, what’s being done about it?
