"You may be familiar with the Emerging Threats project. They have a few Snort rules files related to known web application vulnerabilities and attacks:"
"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware."
"Exactly one year ago, we launched a new version of the Google document editor, created from the ground up to take advantage of the latest capabilities in modern web browsers like Chrome. In particular, we baked in a way of supporting text features that aren’t natively included with browsers—for example, we added a ruler for controlling the margins, text that wraps around images to create eye-catching docs and discussions for a more collaborative editing experience."
"After a few months of back and forth, the first stage of our HTTP Header research is now live on the Shodan website."
"This is a follow-up post to ModSecurity Advanced Topic of the Week: Malware Link Detection in which we will highlight a new capability within ModSecurity v2.6 that allows for removal of data within response bodies."
Proving that no website is ever truly secure, it is being reported that MySQL.com has succumbed to a SQL injection attack.
Although the Firefox team has an entire page on the mozilla.com website dedicated to the new security features in Firefox 4, they seem to have forgotten to mention HTTP Strict Transport Security (HSTS).
Microsoft says the vulnerability used by researcher Stephen Fewer to exploit Internet Explorer 8 has already been fixed in the RC and RTM versions of Internet Explorer 9.
Google is always looking for new ways to make it easier for developers to get started with our APIs. When you come across a new Google API, you often want to try it out without investing too much time. With that in mind, we are happy to announce the Google APIs Explorer, an interactive tool that lets you easily try out Google APIs right from your browser.
As a second-generation Indian who has grown up in the United States, I’ve developed a taste for great home-cooked Indian food, but not a knack for how to make it. Somehow my cooking efforts result in foods that taste over-spiced yet bland at the same time. My parents follow the art of cooking by intuition, where the right amount of each spice is measured out by gut feel, but that’s never worked very well for me.
As a web developer you’re always told you need to keep up to date on the latest and greatest technologies. Usually this is for creating applications which can take advantage of new technologies to deliver a better experience to your users. However, I think there is another angle to this, in particular; Code Rot.
Security researchers have set up a site designed to prod social networking websites into practising what they preach about web security.
Google just launched two-step verification for all Google accounts, a system which makes your Google/Gmail account—the account possibly containing the lion's share of your private communication online—considerably more secure.
Cross-site scripting (XSS) errors are responsible for more than half of all web application vulnerabilities. So, in this age of accountability and expectations for secure, high quality software, what’s being done about it?