skipfish - Project Hosting on Google Code
march 2010 by sstrudeau
A fully automated, active web application security reconnaissance tool. Key features:
google
scanner
security
testing
web
march 2010 by sstrudeau
A List Apart: Articles: The Problem with Passwords
february 2010 by sstrudeau
technique for progressive masking of user-entered password
ui
web
password
input
masking
progressive
security
ux
february 2010 by sstrudeau
The Open Security Model, Drupal and ExpressionEngine on Security | Lullabot
june 2008 by sstrudeau
Yes, Drupal has way more security advisories than Expression Engine but that's because EE doesn't report them (and they're easy to find)
drupal
expressionengine
cms
php
security
policy
practice
june 2008 by sstrudeau
Matasano Chargen » This New Vulnerability: Dowd’s Inhuman Flash Exploit
april 2008 by sstrudeau
Very well written explanation of an equally well done Flash exploit
flash
actionscript
vm
bytecode
exploit
write32
security
writing
sample
explanation
hack
april 2008 by sstrudeau
Dangers of remote Javascript
january 2008 by sstrudeau
perl.com gets burned by a 3rd party .js they used; the owner lost their domain, a porn purveyor bought it and modified the .js to redirect to the porn site.
js
javascript
domain
web
security
policy
january 2008 by sstrudeau
OpenBSD ipsecctl presentation
december 2007 by sstrudeau
The funny part: "Why is ipsec hard to use"
openbsd
ipsec
powerpoint
slides
presentation
ipsecctl
humor
lolcats
security
vpn
floss
december 2007 by sstrudeau
Miron’s Weblog » OpenSocial insecurity - no user to app authentication
november 2007 by sstrudeau
"no user authentication! Any user can forge anybody else’s identity when interacting with any OpenSocial application. As it currently stands, it is not possible to write secure social applications on the platform."
via:vielmetti
opensocial
api
security
authentication
november 2007 by sstrudeau
The Identity Corner » The problem(s) with OpenID
october 2007 by sstrudeau
Thorough critique of OpenID
openid
identity
security
phishing
critique
criticism
authentication
via:vielmetti
october 2007 by sstrudeau
IEBlog : Internet Explorer 7 Update
october 2007 by sstrudeau
Yay! Windows pirates will now get IE7 regardless of their "genuine advantage" status
via:revgeorge
ie
ie6
ie7
security
update
windows
validation
browser
thank-jebus
october 2007 by sstrudeau
AIR:HTML Security FAQ - Adobe Labs
october 2007 by sstrudeau
Adobe AIR security model FAQ -- pretty good overview of the security flaws in common ajax and ajax-like techniques. Doubly dangerous in the context of an app with direct access to the system. Interesting proposed solution.
javascript
ajax
security
adobe
air
browser
model
documentation
faq
reference
october 2007 by sstrudeau
Why cell phones are still grounded
august 2007 by sstrudeau
Nice analysis/overview of why mobile phones are banned on airplanes (basically, it's easier & cheaper for the gov't, airlines and carriers to just keep the ban in place)
mobile
phones
airlines
airplanes
faa
fcc
ban
security
interference
august 2007 by sstrudeau
Ultra High Security Password Generator
april 2007 by sstrudeau
random password / token / key generator
random
password
token
key
generator
security
april 2007 by sstrudeau
PHP: Filter Functions - Manual
march 2007 by sstrudeau
Turn on default filters for incoming user data on your web app ... protects against XSS by default. In php 5.2 and in PECL for php 5.1
filter
php
xss
security
php5
oscms2007
march 2007 by sstrudeau
heise Security - Know-how - How Skype & Co. get round firewalls
december 2006 by sstrudeau
Nice, illustrated overview of how to do UDP holepunching for NAT traversal
article
firewall
nat
network
networking
reference
security
udp
tcp
holepunching
hole
workaround
howto
illustration
december 2006 by sstrudeau
'Re: OpenSSH Certkey (PKI) adding CAL (online verification)' - MARC
december 2006 by sstrudeau
nice if you run a whole bunch of servers with shared SSH access and you like to use key-based auth...
ssh
openssh
security
keys
key
management
tool
cal
access
december 2006 by sstrudeau
TextDrive Help Desk
september 2006 by sstrudeau
precondition failure errors in TextPattern
textdrive
security
spam
howto
textpattern
apache
precondition
failure
error
september 2006 by sstrudeau
the cool hunter - IN-LOCK
august 2006 by sstrudeau
stake that screws into the ground to give you something to lock your bike to in absence of a lightpost. :)
bicycle
bike
motorcycle
scooter
lock
security
stake
cool
wishlist
travel
august 2006 by sstrudeau