Apr 18, 11

"The Tangled Web is my second book, and a lovingly crafted guide to the world of browser security. This is an overcrowded market, but there are two reasons why you may want to care."

Mar 25, 11

GIAC is launching a new certification for developers and application security professionals involved in defending web applications.

Mar 09, 11

The Zed Attack Proxy (ZAP) is an easy-to-use integrated penetration testing tool for finding vulnerabilities in web applications.

Feb 23, 11

As a web developer you’re always told you need to keep up to date on the latest and greatest technologies. Usually this is for creating applications which can take advantage of new technologies to deliver a better experience to your users. However, I think there is another angle to this, in particular: Code Rot.

Feb 02, 11

w3af is a Web Application Attack and Audit Framework. The project's goal is to create a framework to find and exploit web application vulnerabilities that is easy to use and extend.

Jan 31, 11

Cross-site scripting (XSS) errors are responsible for more than half of all web application vulnerabilities. So, in this age of accountability and expectations for secure, high quality software, what’s being done about it?

Jan 22, 11

While there is a ton of great data within the GSR 2011 report, for this blog post, I wanted to focus a bit of attention to the web application sections of the report.  

Jan 18, 11

Every year the Web security community produces a stunning amount of new hacking techniques published in various white papers, blog posts, magazine articles, mailing list emails, etc. Within the thousands of pages are the latest ways to attack websites, Web browsers, Web proxies, and so on. Beyond individual vulnerability instances with CVE numbers or system compromises, we're talking about actual new and creative methods of Web-based attack.

Jan 12, 11

This week's installment of Detecting Malice with ModSecurity will discuss how to detect and prevent Cross-Site Request Forgery (CSRF) Attacks.

Dec 28, 10

"The end result was that WAFs do have value when used properly, and may provide value beyond pure security, but aren't a panacea. Since you could say that about the value of a gerbil for defending against APT too, here's a little more detail..."

Dec 27, 10

"This week we had 64 new APIs added to our API directory including a visual CAPTCHA service, genealogy service, user profile service, sentiment analysis for twitter service and cloud storage service. We also covered two of these APIs with full blog posts. We looked into iFixIt, the World’s First Fix-it API and deadpooled Google Base when it was axed in favor of two new shopping APIs. Below is more detail on all 64 of these new APIs."

Dec 26, 10

"A web application that contains a collection of unique vulnerable pages designed to help assessing the features, quality and accuracy of web application vulnerability scanners."

Dec 26, 10

"Comparison & Assessment of 43 Free & Open Source Black Box Web Application Vulnerability Scanners"
