Browse by Tags

All Tags » Secure Design » Software Security
Persistent Authentication versus Session Mechanisms
When you're dealing with users in a web environment, invariably you'll want to know who's who. Because HTTP is stateless, web applications expect some random and difficult-to-guess piece of data with each request that's unique for each user. In most modern...

Posted by Alex

Input versus Data, Validation versus Sanitization
Reading articles, browsing marketing materials, and listening to presentations about application security, you hear variations on a theme: "Input validation is absolutely critical to application security, and most application risks involve tainted input...

Posted by Alex

Experiencing the Rich Web Could Be Costly?
I attended the Rich Web Experience conference in San Jose last week, along with my colleague Dean Saxe (who was speaking there on AJAX Security and Web Hacking). I'm not much of a Web 2.0 designer, and some of the talks were lost on me. It reminded me...

Posted by Alex

Goofus and Gallant, Part One
Remember Goofus and Gallant, the kids in the Highlights magazine, that dentist's office staple? Goofus always made the mistakes, Gallant was always perfect. Teaching kids right from wrong. While trying to explain a simple security problem in a web application...

Posted by Alex