Some people - including a brilliant colleague of mine - think security is not the job of software developers. In the grand scheme of things I think such an approach is shortsighted and bad for business. It's kind of like an auto assembly line worker not being responsible for the quality of his work or citizens not being responsible for their own healthcare (oh wait!) or why the bottom 50% ...
Here's an informative video and accompanying article by the folks at Acunetix showing the exploitation of XSS on Facebook. It demonstrates how XSS can not only be made into a serious flaw but also how it's carried out in the background without the user ever knowing about it....
Don't assume that your Web security concerns stop at the login prompt. Here's a new piece I wrote where I talk about cross-site scripting (XSS) and whether or not it matters for logged-in users:
Authenticated XSS - problem or not?...
Here's my latest information security content...many more to come soon! Hope these prove to be of value to you.
Finding cross-site scripting (XSS) application flaws checklist
The Windows Report - Analyzing the IT Job Market (podcast)
Be sure to check out www.principlelogic.com/resources.html for all of my information security articles, podcasts, webcasts, screencasts, my Twitter updates, and more....
I "tweeted" about this but I had to post it here as well. I just realized that my new article for SearchSoftwareQuality.com on XSS actually executes JavaScript when loading because of some sample code I inserted into it!! It's not actual XSS but looks like it! Ahh the irony.
Finding cross-site scripting (XSS) application flaws checklist
BTW, I'm working on getting it resolved......
Here are my information security articles from this week that you may be interested in.
Web application hacking: Inside the mind of an attacker
Cross-site scripting 101: XSS attacks plague Web browsers
For all of my past information security tips and tricks be sure to check out www.principlelogic.com/resources.html. Enjoy!...