September 6, 2007 - 21:15 EDT
Datasets tend to make applications really hard to test. In this entry I'll explain a method you can use to improve the testability of your dataset-driven architecture.
August 6, 2007 - 15:15 EDT
ADAM contains functionality for handling password expiry. This is a property set on the user object, but it's a special kind of property.
August 2, 2007 - 12:24 EDT
The new version of Firefox supports HttpOnly cookies. Unfortunately though, as RSnake has written about here, the implementation has a vulnerability. Calling getAllResponseHeaders() on an XMLHttpRequest object reveals the cookie.[...]
July 11, 2007 - 16:03 EDT
I guess this happens to lots of people because I found a lot of writing about it after searching Google, but I didn't find any solution I could fully use. So I created a version that should work in most cases.
June 14, 2007 - 08:43 EDT
I just read in Jeremiah Grossman's blog that Jordan Wiens is performing a rolling review of a number of web application security scanners. This should be fairly interesting. First scanner on the test bench is SPI Dynamics WebInspect.
June 13, 2007 - 21:15 EDT
This may be old news for some of you, but using static non-final variables in your code can result in strange unit test behaviour. The reason is that state in static variables may be kept between unit tests because the class or DLL is not unloaded and reloaded between each unit test. This violates the principle that unit tests should be independent of each other, and can result in tests passing and failing depending on the order in which they are run. [...]
May 29, 2007 - 22:13 EDT
There are several ways to implement XSRF protection. In this implementation I'll use a combination of ViewState and session to check the validity of a request.
May 24, 2007 - 10:28 EDT
I just read Ronald van den Heetkamp's blog post pointing me to a Yahoo article about DomainKeys Identified Mail (DKIM) being approved by the Internet Engineering Task Force (IETF). This is good news. Let's hope for a quick widespread adoption.[...]
May 21, 2007 - 22:00 EDT
This weekend I finally found some time to "AJAXify" my photo site and add some fading effects. I'm pretty happy with the results. Tested in IE7/IE6, Firefox and Opera.[...]
May 12, 2007 - 15:47 EDT
There has been a lot of writing about Cross-site request forgeries (XSRF/CSRF) lately. I've read numerous articles on how this could be used to capture home routers or create false online-banking transactions. In this post I'll discuss some techniques for protecting your website against XSRF.