Ruby’s Vulnerability Handling Debacle
A bit over a week has now gone by since critical vulnerabilities in Ruby's runtime were announced, and a couple of interesting developments have occurred.
0 comments | Tags: ruby, security
Free Security Book: HAC
The Handbook of Applied Cryptography is being offered for free download (for personal use of course) from the University of Waterloo. This book covers...
0 comments | Tags: books, security, trends
Spring Web Flow CRUD Tutorial
I'm currently studying Spring Web Flow (SWF). I want to share my experience in creating a simple CRUD Web application.
0 comments | Tags: frameworks, java, security
Coding Horror: Open Wireless and the Illusion of Security
Bruce Schneier is something of a legend in the computer security community. He's the author of the classic, oft-cited 1994 book Applied Cryptography,...
0 comments | Tags: security
Excelsior JET 6.4: Smaller, Faster, More Secure Java
Since the beginning of time Java applications have been battered with complaints about startup time, memory footprint, performance and security....
0 comments | Tags: java, security, unix-linux, windows
Microsoft Security Advisory Alert: SQL Injection Attacks
Microsoft is aware of a recent escalation in a class of attacks targeting Web sites that use Microsoft ASP and ASP.NET technologies but do not follow...
0 comments | Tags: database, microsoft, security
Simple JVM sandboxing
I have written a dumb IRC bot which (among other things) can run scripts in arbitrary languages, provided they have Java implementations wrapped by...
0 comments | Tags: java, other languages, security
How to control POST requests in PHP without the Referer
A better method to prevent cross-site POST request forgeries in PHP, without relying on the notoriously unreliable HTTP_REFERER header.
3 comments | Tags: how-to, php, security
Intrusion Detection For PHP Applications With PHPIDS
This tutorial explains how to set up PHPIDS on a web server with Apache2 and PHP5. PHPIDS (PHP-Intrusion Detection System) is a simple to use, well...
0 comments | Tags: how-to, php, security, unix-linux
Prevent form post request from another domain in PHP
An HTTP POST request from an outside domain is one way of attacking your website. An intruder can use JavaScript on another domain or localhost to send...
3 comments | Tags: how-to, php, security
Apple security team finds code execution holes in Ruby
A member of Apple’s security team has discovered multiple serious security vulnerabilities in Ruby, the popular open-source scripting language.
0 comments | Tags: apple, ruby, security
Beyond CAPTCHA: No Bots Allowed!
CAPTCHAs are generally one or two words presented as graphics, overlaid with some kind of distortion, and they function as a test that relies on your...
0 comments | Tags: opinion, security
How to sign a Firefox 3 extension/add-on
How to upgrade your Firefox 2 add-on to Firefox 3 in light of the new security requirements. Describes the signing of the add-on.
0 comments | Tags: how-to, open source, security
Mac OS X root escalation through security flaw
Security breach that allows a regular user to escalate to root privileges using AppleScript. Works through SSH too.
0 comments | Tags: apple, security
Basic Security in MySQL
This article discusses the basic security features that should be implemented when a MySQL database server is installed.
0 comments | Tags: database, security
ASP.NET - Preventing SQL Injection Attacks
SQL injection can occur, as demonstrated above, when an application uses input to construct dynamic SQL statements or when it uses stored procedures...
0 comments | Tags: .net, database, security, web design
Apache Rampart 1.4 released, Rampart is the security module of Axis2
Apache Rampart is the security building block of the Apache Axis web service development framework. There are several new features like WS Security Policy...
0 comments | Tags: frameworks, java, security, web services
Top 10 SOA Pitfalls... #8 - Security
Last week Rik de Groot published SOA Pitfall #9: Versioning. This week it's time for #8, about security. Rik presents the problem as follows: "SOA...
1 comment | Tags: java, security, usability, web 2.0
PHP: Securing Your Input Forms From MySQL Injection Attacks
How to secure your PHP site from MySQL injection attacks.
12 comments | Tags: database, how-to, php, security
Please Give Us Your Email Password
A number of people whose opinions I greatly respect have turned me on to Yelp over the last six months or so. Yelp is a community review site, and a...
1 comment | Tags: opinion, security, web 2.0
Ajax For Evil: Spyjax
Ajax has a ton of great uses but one form of negative Ajax has taken life: Spyjax. Spyjax, as I know it, is taking information from the user's...
0 comments | Tags: ajax, css-html, javascript, security
How I hacked Digg
An in-depth article on how Digg wouldn't respond to my bug reports, how I exploited a cross-site scripting vulnerability to force everyone to digg my...
2 comments | Tags: ajax, javascript, security
The Black Sunday Hack: DirecTV's Secret War On Hackers
One of the most impressive hacks I've ever read about has to be the Black Sunday kill. Since the original 2001 Slashdot article I read on this is...
0 comments | Tags: opinion, security, trends
ACEGI (Spring) Security, HTTPS, and Grails
I had a requirement in a recent project to have all logins handled by HTTPS, and I wanted to implement this using Grails 1.0.2 with the acegi-plugin....
0 comments | Tags: frameworks, groovy, java, security
6 free security tools you shouldn't live without
Six free security tools that all IT folks should know about and use.
0 comments | Tags: microsoft, security, tools, unix-linux