Tuesday, April 5, 2011

Musings On PHP.JS (And Similar Libraries)

I have always been intrigued by projects such as PHP.JS. To be completely honest, it's not because I thought they were "neat" or "innovative", but because they have always made me ask myself "Why would someone seriously want to do something like that?!?!?"... Let me try to explain my standpoint.

Friday, April 1, 2011

XSS - Web Application Security - Post 2

In the first post of this series, we looked at some fundamental concepts of Web Application Security, and introduced the concept of Filter In, Escape Out. In today's post, we will be examining the single most prolific vulnerability plaguing web applications today: Cross-Site Scripting (otherwise known as XSS). Not only is it prolific, it's also commonly underestimated and is often just a low-priority afterthought. In reality, XSS is a formidable threat and needs to be treated as such.