21 Apr 11

"You may be familiar with the Emerging Threats project. They have a few Snort rules files related to known web application vulnerabilities and attacks:

* emerging-web_server.rules
* emerging-web_specific_apps.rules"

20 Apr 11

"GooDiff is a service for automated tracking of semantic changes in web service policies."

18 Apr 11

"The Tangled Web is my second book, and a lovingly crafted guide to the world of browser security. This is an overcrowded market, but there are two reasons why you may want to care."

13 Apr 11

"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware."

12 Apr 11

"Exactly one year ago, we launched a new version of the Google document editor, created from the ground up to take advantage of the latest capabilities in modern web browsers like Chrome. In particular, we baked in a way of supporting text features that aren’t natively included with browsers—for example, we added a ruler for controlling the margins, text that wraps around images to create eye-catching docs and discussions for a more collaborative editing experience."

08 Apr 11

"After a few months of back and forth, the first stage of our HTTP Header research is now live on the Shodan website."

06 Apr 11

"This is a follow-up post to ModSecurity Advanced Topic of the Week: Malware Link Detection in which we will highlight a new capability within ModSecurity v2.6 that allows for removal of data within response bodies."

28 Mar 11

Proving that no website is ever truly secure, it is being reported that MySQL.com has succumbed to a SQL injection attack.

25 Mar 11

Although the Firefox team has an entire page on the mozilla.com website dedicated to the new security features in Firefox 4, they seem to have forgotten to mention HTTP Strict Transport Security (HSTS).

25 Mar 11

GIAC is launching a new certification for developers and application security professionals involved in defending web applications.

11 Mar 11

Microsoft says the vulnerability used by researcher Stephen Fewer to exploit Internet Explorer 8 has already been fixed in the RC and RTM versions of Internet Explorer 9.

09 Mar 11

The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications.

07 Mar 11

Google is always looking for new ways to make it easier for developers to get started with our APIs. When you come across a new Google API, you often want to try it out without investing too much time. With that in mind, we are happy to announce the Google APIs Explorer, an interactive tool that lets you easily try out Google APIs right from your browser.

24 Feb 11

As a second-generation Indian who has grown up in the United States, I’ve developed a taste for great home-cooked Indian food, but not a knack for how to make it. Somehow my cooking efforts result in foods that taste over-spiced yet bland at the same time. My parents follow the art of cooking by intuition, where the right amount of each spice is measured out by gut feel, but that’s never worked very well for me.

23 Feb 11

As a web developer you’re always told you need to keep up to date on the latest and greatest technologies. Usually this is for creating applications which can take advantage of new technologies to deliver a better experience to your users. However, I think there is another angle to this, in particular: Code Rot.

22 Feb 11

Security researchers have set up a site designed to prod social networking websites into practising what they preach about web security.

10 Feb 11

Google just launched two-step verification for all Google accounts, a system which makes your Google/Gmail account—the account possibly containing the lion's share of your private communication online—considerably more secure.

31 Jan 11

Cross-site scripting (XSS) errors are responsible for more than half of all web application vulnerabilities. So, in this age of accountability and expectations for secure, high quality software, what’s being done about it?
