As a web developer you’re always told you need to keep up to date on the latest and greatest technologies. Usually this is for creating applications which can take advantage of new technologies to deliver a better experience to your users. However, I think there is another angle to this, in particular: Code Rot.
Cross-site scripting (XSS) errors are responsible for more than half of all web application vulnerabilities. So, in this age of accountability and expectations for secure, high-quality software, what’s being done about it?
While there is a ton of great data within the GSR 2011 report, for this blog post I wanted to focus a bit of attention on the web application sections of the report.
Every year the Web security community produces a stunning amount of new hacking techniques published in various white papers, blog posts, magazine articles, mailing list emails, etc. Within the thousands of pages are the latest ways to attack websites, Web browsers, Web proxies, and so on. Beyond individual vulnerability instances with CVE numbers or system compromises, we're talking about actual new and creative methods of Web-based attack.
This week's installment of Detecting Malice with ModSecurity will discuss how to detect and prevent Cross-Site Request Forgery (CSRF) Attacks.
"The end result was that WAFs do have value when used properly, and may provide value beyond pure security, but aren't a panacea. Since you could say that about the value of a gerbil for defending against APT too, here's a little more detail..."
"This week we had 64 new APIs added to our API directory including a visual CAPTCHA service, genealogy service, user profile service, sentiment analysis for twitter service and cloud storage service. We also covered two of these APIs with full blog posts. We looked into iFixIt, the World’s First Fix-it API and deadpooled Google Base when it was axed in favor of two new shopping APIs. Below is more detail on all 64 of these new APIs. "
"Comparison & Assessment of 43 Free & Open Source Black Box Web Application Vulnerability Scanners"