Battling XSS Today ...and Tomorrow (Part 2)

Last week (well, last post, since it’s been a bit of time) we looked at a very common Cross Site Scripting (XSS) scenario and at a quick but powerful ...

By Joe Lima
May 1st, 2008

Battling XSS Today ...and Tomorrow (Part 1)

In the annals of useless advice, this answer from the Cross Site Scripting (XSS) FAQ on PHP Advisory, to the question of what end-users can do to protect themselves, must ...

By Joe Lima
Oct 23rd, 2007

HTTP Authentication Debate: Revolution?

Platform wars aside, serious disagreements among highly-accomplished software engineers rarely involve much drama. As in the sciences generally, the professional and career incentives normally tend to favor consensus and steady ...

By Joe Lima
Aug 7th, 2007

Web 2.0 Security - The More Things Change...

If you spend a little time looking into the online literature for the Cross-Site Request Forgery (CSRF) exploit, you might get the impression that Web 2.0 has opened up ...

By Joe Lima
Jul 24th, 2007