The idea behind the Application Boundaries Enforcer (ABE) module is hardening the web application oriented protections already provided by NoScript, by developing a firewall-like component running inside the browser.
Microsoft ASP.NET version 2 also fights cross-site request forgeries with a MAC'ed token:
Online security check for outdated browser plug-ins
Browser based tool for website XSS testing
Anleitung, wie man in php utf7-strings zur filter evasion erzeugt
Explanation, why Google was vulnerable against UTF-7 encoding
An open webservice, that let cute little XSSler store their stolen session credentials
Proposal for an extension of http/HTML to migiate XSS threats
When a website (E.g. example.com) makes requests to another site (E.g. myonlinebank.com), it can potentially cause harmful effects (This is called Cross-Site Request Forgery). The problem with this kind of attack is that it often goes undetected, but leaves the user with the aftermath. CsFire protects you against this kind of attacks, by rendering these requests harmless. This is done by removing authentication information (cookies and authentication headers).
Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and aid teachers/students to teach/learn web application security in a class room environment.
