Battling XSS Today ...and Tomorrow (Part 2)

Last week (well, last post, since it’s been a bit of time) we looked at a very common Cross Site Scripting (XSS) scenario and at a quick but powerful ...

May 1st / By Joe Lima

Battling XSS Today ...and Tomorrow (Part 1)

In the annals of useless advice, this answer from the Cross Site Scripting (XSS) FAQ on PHP Advisory, to the question of what end-users can do to protect themselves, must ...

Oct 23rd / By Joe Lima

HTTP Authentication Debate: Revolution?

Platform wars aside, serious disagreements among highly-accomplished software engineers rarely involve much drama. As in the sciences generally, the professional and career incentives normally tend to favor consensus and steady ...

Aug 7th / By Joe Lima

Web 2.0 Security - The More Things Change...

If you spend a little time looking into the online literature for the Cross-Site Request Forgery (CSRF) exploit, you might get the impression that Web 2.0 has opened up ...

Jul 24th / By Joe Lima