May 12, 2007 - 15:47 CEST
There has been a lot of writing about Cross-site request forgeries (XSRF/CSRF) lately. I've read numerous articles on how this could be used to capture home routers or create false online-banking transactions. In this post I'll discuss some techniques for protecting your website against XSRF.
[...]
May 11, 2007 - 09:02 CEST
Just read Kyan's post about Opera 9.5 including support for HttpOnly cookies. Nice.[...]
April 25, 2007 - 09:00 CEST
If you haven't already read "Innocent Code" by Sverre H. Huseby, you should really look into it. It's not just a book for developers with a special interest in security. I actually think you should consider this book mandatory reading before developing even the smallest web application.
[...]
April 12, 2007 - 09:11 CEST
Just read Gnucitizen's article about exploiting Firebug using javascript. This technique has been dubbed Cross-zone scripting, and is somewhat similar to XSS. Scary stuff.[...]
March 31, 2007 - 11:58 CEST
I'm just back from the security conference Blackhat Amsterdam 2007. It was a great trip and I met a lot of interesting people.
[...]
March 16, 2007 - 10:15 CET
I was looking through my log and found a referer entry where someone had searched Google with the search term "javascript+validation+to+avoid+SQL+injection". It seems some developers still don't understand that trying to lock down an application on the client side using javascript is impossible. It is like trying to prevent burglaries of your home by locking the doors to the homes of every thief around.
[...]
March 9, 2007 - 17:23 CET
I just read an article on cookies in classic ASP, which explains some of the concerns related to session cookies. In this post I'll explain how this works in ASP.NET.
[...]
March 5, 2007 - 16:14 CET
A colleague of mine pointed me to the Spry Framework from Adobe. It's an elegant AJAX framework with a template/taglib-like syntax. The framework basically consists of four javascript files. These files contain classes that make implementing Ajax really simple. You can dynamically load data or add effects to your site.
[...]
February 23, 2007 - 08:57 CET
Dmitry Chan pointed me to the new release of the OWASP Testing Guide. Interesting stuff.[...]