After playing with Flex off and on for a couple of months, I decided I would try to break it. I’m not a security guy at heart, but I’ve listened closely and improved my own stuff, so I quickly came up with four ways that I might be able to cause problems with Flex. Here are my results with each. To be clear, it is not my goal to be a nefarious troublemaker and break everything. My goal is to find out where things could break.
ModSecurity Handbook: The Complete Guide to the Popular Open Source Web Application Firewall by Ivan Ristic. What is ModSecurity in the first place? Why does it matter to you? What makes this book important to the practice of web application design?
Google Labs, in cooperation with Google Code University, has released a new microblogging tool called Jarlsberg, and like its namesake cheese, it’s full of holes. Security holes. Google hopes you use Jarlsberg to learn best practices on how to make your own software more secure.
Netsparker is an automated security scanner which promises the elimination of false positives. How does it achieve such a result?
A new advisory warns that a lack of entropy is making session hijacking easier, but only under certain circumstances. Core developer Ilia Alshanetsky gives us the straight dope.
Google has released a web applications scanner that automatically outlines security issues.
The Month of PHP Bugs was a unique event in the PHP landscape that fixed a large number of security issues. Now a call for papers has started for a new, larger initiative.