
Posts Tagged ‘security’


Ajax Advancement Vaporware

Thursday, June 26th, 2008 by Thomas

In the past few months there has been quite a stir about the latest browser releases (Firefox 3, Opera 9.5, and of course IE8) and what new features they bring.  One of the most interesting new features found in the two more popular browsers is the ability for Ajax calls to break the same origin [...]




Battling XSS Today …and Tomorrow (Part 1)

Tuesday, October 23rd, 2007 by Joe

In the annals of useless advice, this answer from the Cross Site Scripting (XSS) FAQ on PHP Advisory, to the question of what end-users can do to protect themselves, must rank pretty high:
The easiest way to protect yourself as a user is to only follow links from the main website you wish to view. If [...]




The HTTP Authentication Debate: Talking About a Revolution?

Tuesday, August 7th, 2007 by Joe

Platform wars aside, serious disagreements among highly-accomplished software engineers rarely involve much drama. As in the sciences generally, the professional and career incentives normally tend to favor consensus and steady progress at the margins. But once in a while, things do come to a head.
This might be one of those times, at least [...]




Web 2.0 Security - The More Things Change…

Tuesday, July 24th, 2007 by Joe

If you spend a little time looking into the online literature for the Cross-Site Request Forgery (CSRF) exploit, you might get the impression that Web 2.0 has opened up an appalling can of security worms. In some ways this is true, but in other respects what we are seeing [...]




The SSL Performance Trade-off and Web 2.0 Security

Tuesday, July 10th, 2007 by The Tech Department

Everyone knows about the sharp trade-off that exists when using SSL: You get the security of an encrypted connection but you pay for it with a significant performance hit. Servers work much harder, and pages load much slower. SSL processing consumes about 70% of HTTPS transaction time
