Battling XSS Today ...and Tomorrow (Part 1)

In annals of useless of advice, this answer from the Cross Site Scripting (XSS) FAQ on PHP Advisory, to the question of what end-users can do to protect themselves, must ...

Joe Lima
By Joe Lima
Oct 23

HTTP Authentication Debate: Revolution?

Platform wars aside, serious disagreements among highly-accomplished software engineers rarely involve much drama. As in the sciences generally, the professional and career incentives normally tend to favor consensus and steady ...

Joe Lima
By Joe Lima
Aug 7

Web 2.0 Security - The More Things Change...

If you spend a little time looking into the online literature for the Cross-Site Request Forgery (CSRF) exploit, you might get the impression that Web 2.0 has opened up ...

Joe Lima
By Joe Lima
Jul 24