Explanation of why Google was vulnerable to UTF-7 encoding
An open web service that let cute little XSSler store their stolen session credentials
Proposal for an extension of HTTP/HTML to mitigate XSS threats
When a website (e.g. example.com) makes requests to another site (e.g. myonlinebank.com), it can potentially cause harmful effects (this is called Cross-Site Request Forgery). The problem with this kind of attack is that it often goes undetected, but leaves the user with the aftermath. CsFire protects you against this kind of attack by rendering these requests harmless. This is done by removing authentication information (cookies and authentication headers).
Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and aid teachers/students to teach/learn web application security in a classroom environment.
Proposals for modifications to OAuth so that it will work better outside of the web browser.
Developer guide to avoid XSS code
BrowserSpy can tell you all kinds of detailed information about you and your browser. Stuff like the version of your browser. What kind of things it supports and what it doesn't support. Furthermore it can provide you detailed information about JavaScrip