Skip to main content

19 Apr 11

"It’s here! Data junkies rejoice!

Today we’re proud to release the third volume of our semi-annual State of Software Security report. This edition incorporates data from 4,835 applications analyzed via our cloud-based platform over the past 18 months."

13 Apr 11

"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware."

08 Apr 11

"After a few months of back and forth, the first stage of our HTTP Header research is now live on the Shodan website."

29 Mar 11

Today, as every ordinary Monday, I went to my e-mail box and checked messages from the security community in Full-Disclosure. As usual I came across an advisory pointing out some web security vulnerabilities that differently from usual certainly had my attention.

15 Feb 11

This post documents an XSS vulnerability that I discovered in the default Gmail app (v1.3) provided by Google in Android 2.1 and prior.

31 Jan 11

Cross-site scripting (XSS) errors are responsible for more than half of all web application vulnerabilities1. So, in this age of accountability and expectations for secure, high quality software, what’s being done about it?

1 - 6 of 6
20 items/page

Highlighter, Sticky notes, Tagging, Groups and Network: integrated suite dramatically boosting research productivity. Learn more »

Join Diigo