
18 Apr 11

"The Tangled Web is my second book, and a lovingly crafted guide to the world of browser security. This is an overcrowded market, but there are two reasons why you may want to care. "

25 Mar 11

GIAC is launching a new certification for developers and application security professionals involved in defending web applications.

09 Mar 11

The Zed Attack Proxy (ZAP) is an easy-to-use integrated penetration testing tool for finding vulnerabilities in web applications.

23 Feb 11

As a web developer you’re always told you need to keep up to date on the latest and greatest technologies. Usually this is for creating applications which can take advantage of new technologies to deliver a better experience to your users. However, I think there is another angle to this, in particular: Code Rot.

02 Feb 11

w3af is a Web Application Attack and Audit Framework. The project's goal is to create a framework to find and exploit web application vulnerabilities that is easy to use and extend.

31 Jan 11

Cross-site scripting (XSS) errors are responsible for more than half of all web application vulnerabilities. So, in this age of accountability and expectations for secure, high quality software, what’s being done about it?

22 Jan 11

While there is a ton of great data within the GSR 2011 report, for this blog post, I wanted to focus a bit of attention to the web application sections of the report.

18 Jan 11

Every year the Web security community produces a stunning amount of new hacking techniques published in various white papers, blog posts, magazine articles, mailing list emails, etc. Within the thousands of pages are the latest ways to attack websites, Web browsers, Web proxies, and so on. Beyond individual vulnerability instances with CVE numbers or system compromises, we're talking about actual new and creative methods of Web-based attack.

12 Jan 11

This week's installment of Detecting Malice with ModSecurity will discuss how to detect and prevent Cross-Site Request Forgery (CSRF) Attacks.

28 Dec 10

"The end result was that WAFs do have value when used properly, and may provide value beyond pure security, but aren't a panacea. Since you could say that about the value of a gerbil for defending against APT too, here's a little more detail..."

27 Dec 10

"This week we had 64 new APIs added to our API directory including a visual CAPTCHA service, genealogy service, user profile service, sentiment analysis for twitter service and cloud storage service. We also covered two of these APIs with full blog posts. We looked into iFixIt, the World’s First Fix-it API and deadpooled Google Base when it was axed in favor of two new shopping APIs. Below is more detail on all 64 of these new APIs. "

26 Dec 10

"A web application that contains a collection of unique vulnerable pages designed to help assessing the features, quality and accuracy of web application vulnerability scanners. "
