Web Security

Jan 4th, 2010

Comments: 0
Category: Penetration Testing

Tools I use – Burp

I’ve been meaning to do a post on Burp for a while, and courtesy of my New Year’s resolution to stop procrastinating, here it is 🙂 I was thinking of a way to sum up Burp, so far the best I’ve got is “If you’re doing web application testing and not using Burp, you’re missing […]

Mar 31st, 2009

Comments: 1
Category: Ruby On Rails

Scotland on Rails – Web Application Security

It was the Scotland on Rails 2009 conference on Friday/Saturday of last week. A great couple of days with loads of interesting Ruby and Rails talks (I’m planning more of a recap once the videos are out). I presented on Web Application Security (slides here), which seemed to go down reasonably well. One of the […]

Mar 25th, 2009

Comments: 0
Category: Web Security

Thoughts on Secure Data Handling in web applications…

I had an interesting conversation/debate over on reddit today on the topic of input handling and I thought it was worth posting up. Essentially there are two approaches to handling data in a web application. 1. Carry out input validation as the data enters your application. This can either be white-list (only allow “known good” data […]
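The excerpt above describes white-list validation at the point where data enters the application. The following is an added example written for this page, not code from the original post; it is in Ruby because the blog’s other posts are Rails-focused. The field names, the `validate_signup` / `greeting_html` helpers and the sample inputs are all assumptions made for illustration. It shows a “known good” check for two fields, rejects anything else outright, and keeps output encoding separate for free-text data that cannot be white-listed. It also demonstrates a Ruby-specific caveat: `^` and `$` match at line boundaries, so a white-list regex anchored with them still accepts a payload placed after an embedded newline.

```ruby
require 'cgi'

# Added example, not code from the original post. Demonstrates white-list
# input validation at the application boundary, plus HTML output encoding
# for data that cannot be white-listed.

# Ruby caveat: ^ and $ are line anchors, so LOOSE_USERNAME_RE still matches
# "alice\n<script>..." because "alice" is a complete first line.
LOOSE_USERNAME_RE  = /^[a-z0-9_]{3,20}$/        # vulnerable anchoring
STRICT_USERNAME_RE = /\A[a-z0-9_]{3,20}\z/      # whole-string anchoring

def loose_username?(value)
  value.is_a?(String) && LOOSE_USERNAME_RE.match?(value)
end

def strict_username?(value)
  value.is_a?(String) && STRICT_USERNAME_RE.match?(value)
end

# Age: only a short run of digits in a plausible range counts as "known good".
def valid_age?(value)
  value.is_a?(String) && value.match?(/\A\d{1,3}\z/) && (13..120).cover?(value.to_i)
end

# Validate a (hypothetical) signup form as it enters the application.
# Returns [:ok, cleaned_hash] or [:error, messages]. Nothing is "sanitised":
# data that is not known-good is rejected rather than altered.
def validate_signup(params)
  errors = []
  errors << "username must be 3-20 lowercase letters, digits or underscores" unless strict_username?(params["username"])
  errors << "age must be a whole number between 13 and 120" unless valid_age?(params["age"])
  return [:error, errors] unless errors.empty?
  [:ok, { username: params["username"], age: params["age"].to_i }]
end

# A display name is free text, so a white-list would reject legitimate values.
# It is stored as supplied and encoded for the HTML context at render time.
def greeting_html(display_name)
  "<p>Hello, #{CGI.escapeHTML(display_name)}</p>"
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample inputs.
  good = { "username" => "alice_01", "age" => "34" }
  bad  = { "username" => "alice\n<script>alert(1)</script>", "age" => "-5" }
  p validate_signup(good)
  p validate_signup(bad)
  p loose_username?("alice\n<script>alert(1)</script>")   # true: line anchors bypassed
  p strict_username?("alice\n<script>alert(1)</script>")  # false
  puts greeting_html('Bob <img src=x onerror=alert(1)>')
end
```

The split matters in practice: validation decides whether a value is acceptable for the application at all, while encoding is specific to the output context (HTML here) and has to happen wherever the value is rendered, regardless of what validation did earlier.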

Mar 8th, 2009

Comments: 0
Category: Ruby On Rails

XSS in Rails Applications

I’m doing some research at the moment for a presentation I’m doing for the Scotland on Rails conference, later this month. As part of that I’ve been downloading some sample Rails applications to get an idea of common security issues that I can discuss. Interestingly, on popular applications that I’ve downloaded so far, I’m 2 […]

Mar 5th, 2007

Comments: 0
Category: Web Security

Web 2.0 security: it’s not going to be pretty

1 Raindrop: Understand Web 2.0 Security Issues – As Easy as 2, 1, 3. Very good points made in this post. At the moment the probable saviour for a lot of transactional sites is that they’ve been really slow on the bandwagon, so are still running web 1.0 style sites! That said, the more information […]

Jan 1st, 2007

Comments: 0
Category: Web Security

Perils of persistent Logins…

Interesting post from Nitesh Dhanjani here pointing out a problem with Gmail contact lists being available to malicious website owners. Now this only works if you’re logged into Gmail, but if you’ve used it recently and not explicitly logged out… then it’ll keep you logged in… Now Google should obviously fix this problem, but I […]

Dec 1st, 2006

Comments: 0
Category: Web Security

Finally! A sensible view on AJAX Security

A post over on White Hat Security makes a great run at bursting the bubble of all the people saying that AJAX is some kind of terrible security risk. I won’t reiterate the arguments in the article, ’cause they do a pretty good job of laying out what the problems and non-problems of AJAX security […]