Battling XSS Today ...and Tomorrow (Part 2)
Last week (well last post since it’s been a bit of time) we looked at a very common Cross Site Scripting (XSS) scenario and at a quick but powerful ...
Battling XSS Today ...and Tomorrow (Part 1)
In the annals of useless advice, this answer from the Cross Site Scripting (XSS) FAQ on PHP Advisory, to the question of what end-users can do to protect themselves, must ...
Lessons Learned: Think Twice Before Switching Languages
Over at the O’Reilly Ruby blog, Derek Sivers has an interesting post up, describing what he learned from his decision to revert to PHP for the complete rewrite of ...
HTTP Authentication Debate: Revolution?
Platform wars aside, serious disagreements among highly-accomplished software engineers rarely involve much drama. As in the sciences generally, the professional and career incentives normally tend to favor consensus and steady ...
Web 2.0 Security - The More Things Change...
If you spend a little time looking into the online literature for the Cross-Site Request Forgery (CSRF) exploit, you might get the impression that Web 2.0 has opened up ...