Datasets tend to make applications really hard to test. In this entry I'll explain a method you can use to improve the testability of your dataset-driven architecture.
[...]
ADAM contains functionality for handling password expiry. This is a property set on the user object, but it's a special kind of property.
[...]
The new version of Firefox supports HttpOnly cookies. Unfortunately though, as RSnake has written about here, the implementation has a vulnerability. Calling getAllResponseHeaders() on an XMLHttpRequest object reveals the cookie.[...]
I guess this happens to lots of people because I found a lot of writing about it after searching Google, but I didn't find any solution I could fully use. So I created a version that should work in most cases.
[...]
I just read in Jeremiah Grossman's blog that Jordan Wiens is performing a rolling review of a number of web application security scanners. This should be fairly interesting. First scanner on the test bench is SPI Dynamics WebInspect.[...]
This may be old news for some of you, but using static non-final variables in your code can result in strange unit test behaviour. The reason is that state held in static variables may persist between unit tests, because the class or DLL is not unloaded and reloaded between each unit test. This violates the principle that unit tests should be independent of each other, and can result in tests passing or failing depending on the order in which they are run. [...]
There are several ways to implement XSRF protection. In this implementation I'll use a combination of ViewState and session to check the validity of a request.
[...]
I just read Ronald van den Heetkamp's blog post pointing me to a Yahoo article about DomainKeys Identified Mail (DKIM) being approved by the Internet Engineering Task Force (IETF). This is good news. Let's hope for a quick widespread adoption.[...]
This weekend I finally found some time to "AJAXify" my photo site and add some fading effects. I'm pretty happy with the results. Tested in IE7/IE6, Firefox and Opera.[...]
There has been a lot of writing about Cross-site request forgeries (XSRF/CSRF) lately. I've read numerous articles on how this could be used to capture home routers or create false online-banking transactions. In this post I'll discuss some techniques for protecting your website against XSRF.
[...]