public marks

PUBLIC MARKS with tags webdev & security

2011

Naked Password - jQuery Plugin to Encourage Stronger Passwords

by Krome & 3 others
The whole idea of naked password is to encourage your users to enter stronger passwords. Our beautiful model Sally tastefully removes items of clothing as the password grows stronger.

2009

BigOrNot?

by Krome & 1 other
3 interesting articles on secure cookies with PHP and Zend Framework

2008

Jeremiah Grossman: New Flash XSS technique (thousands of websites at risk)

by mbertier (via)
- Move Flash files to a secondary domain – just as is recommended with all third-party / user generated / untrusted content. This solution has promise as it sets up some domain barriers in the event a vulnerable Flash file shows up linked from your website.

2007

PHPIDS » Web Application Security 2.0 » Index

by mbertier & 1 other (via)
PHPIDS (PHP-Intrusion Detection System) is a simple to use, well structured, fast and state-of-the-art security layer for your PHP based web application. The IDS neither strips, sanitizes nor filters any malicious input, it simply recognizes when an attacker tries to break your site and reacts in exactly the way you want it to. Based on a set of approved and heavily tested filter rules any attack is given a numerical impact rating which makes it easy to decide what kind of action should follow the hacking attempt. This could range from simple logging to sending out an emergency mail to the development team, displaying a warning message for the attacker or even ending the user’s session.

0x000000 ◊ The Hacker Webzine

by mbertier
I've talked about CSRF before, but this time I wanted to show some of the underlying basics of it and explain why it isn't a new trick or something special. It is part of browsers and the way HTTP works, also to remove any argument that POST should be safer than GET. I know this is Internet basics, but it still can be refreshing to read it over from time to time.

XSS (Cross Site Scripting) Cheat Sheet

by mbertier & 17 others (via)
This page is for people who already understand the basics of XSS attacks but want a deep understanding of the nuances regarding filter evasion.

Dangers of CSRF and XSS / Articles / Community

by mbertier & 1 other (via)
In this article, we will show you how CSRF and XSS work and how to defend against them. To dispel the myths about these attacks, I will assume the role of a hacker and show how the supposedly harmless injection of tiny bits of HTML can perform amazing things, from stealing the user's identity to a completely transparent rewrite of site content.

ha.ckers.org web application security lab - Archive » Web Application Security Blogs

by mbertier (via)
I’ve had a number of people over the last year or so ask me what good sites are out there for people to learn about web application security.

2006

BindShell.Net: BeEF

by mbertier
BeEF is the browser exploitation framework. Its purpose in life is to provide an easily integrable framework to demonstrate the impact of browser and cross-site scripting (XSS) issues in real time.

UserRbac - symfony - Trac

by kasi77
RBAC stands for Role Based Access Control. It's a system used to grant users certain privileges to areas or functionality of a website. In Symfony, it allows you to give groups of people access to modules, actions, and even whether or not to execute code within actions or templates.

Wapiti - Web application security auditor

by remouk & 13 others
It performs "black-box" scans, i.e. it does not study the source code of the application but scans the web pages of the deployed webapp, looking for scripts and forms where it can inject data.

Oedipus Web Scanner Project

by mbertier
Oedipus is an open source web application security analysis and testing suite written in Ruby. It is capable of parsing different types of log files off-line and identifying security vulnerabilities. Using the analyzed information, Oedipus can dynamically test web sites for application and web server vulnerabilities.

Silicon Valley Sleuth: Things you don't want Google to find

by wyliej & 5 others
"Hacking Google" isn't exactly new. That is, using the search engine to look for confidential information. But as McAfee's senior vice president for Risk Management George Kurtz demonstrated today at RSA conference, that didn't prevent users and organisat

2005

Web Application Security Reviews | PHP Everywhere

by kalooni & 2 others (via)
After a while, the requirements are pretty similar, but to pass our first audit wasn't easy. Here's a sampling of what is required

PUBLIC TAGS related to tag webdev

apex, barbaque, business, code, database, development, documentation, entrepreneur, freelance, HTMLDB, lifehack, office, oracle, productivity, programming, sewing, springnet blogmarks, startup, technology, tools, ui, web, web2.0, webdesign, wiki, windows, wordpress, work, writing, xml, youtube

Active users

Krome
last mark : 01/03/2011 12:56

Jeremy B.
last mark : 11/11/2009 21:49

mbertier
last mark : 06/01/2008 16:26

kasi77
last mark : 31/08/2006 16:36

remouk
last mark : 17/08/2006 10:14

sunny
last mark : 13/05/2006 15:02

wyliej
last mark : 17/02/2006 17:05

cblackburn
last mark : 21/12/2005 16:50

dharmesh
last mark : 07/12/2005 18:43

tangthon
last mark : 04/12/2005 15:01

flubba
last mark : 17/11/2005 21:07

nico
last mark : 24/10/2005 10:00

kalooni
last mark : 30/08/2005 20:09