Just read Kyan's post about Opera 9.5 including support for HttpOnly cookies. Nice.
[...]
If you haven't already read "Innocent Code" by Sverre H. Huseby, you should really look into it. It's not just a book for developers with a special interest in security. I actually think you should consider this book mandatory reading before developing even the smallest web application.
[...]
Just read Gnucitizen's article about exploiting Firebug using JavaScript. This technique has been dubbed Cross-zone scripting, and is somewhat similar to XSS. Scary stuff.
[...]
I'm just back from the security conference Blackhat Amsterdam 2007. It was a great trip and I met a lot of interesting people.
[...]
I was looking through my log and found a referer entry where someone had searched Google with the search term "javascript+validation+to+avoid+SQL+injection". It seems some developers still don't understand that trying to lock down an application on the client side using JavaScript is impossible. It is like trying to avoid burglaries of your home by locking the doors of the homes of every thief around.
[...]
I just read an article on cookies in regular ASP, which explains some of the concerns related to session cookies. In this post I'll explain how this works in ASP.NET.
[...]
A colleague of mine pointed me to the Spry Framework from Adobe. It's an elegant AJAX framework with a template/taglibs-like syntax. The framework basically consists of four JavaScript files. These files contain classes that make implementing Ajax really simple. You can dynamically load data or add effects to your site.
[...]
Dmitry Chan pointed me to the new release of the OWASP Testing Guide. Interesting stuff.
[...]
Kyran has written a really interesting paper on AJAX-driven worms. The post can be found here: http://sudolabs.com/forum/viewtopic.php?p=19
[...]