random dross

Web security and beyond...

  • random dross

    New webappsec tools

    • 1 Comment
    Chris Weber's Watcher: http://www.lookout.net/2009/03/20/watcher-security-tool-a-free-web-app-security-testing-and-compliance-auditing-tool/ Watcher plugs into the Fiddler HTTP proxy and monitors for all sorts of web app vulns, from the common to the...
  • random dross

    MashupOS

    • 0 Comments
    The standard IFRAME-based isolation technique for web apps is starting to show its age. We need something better! Microsoft Research has posted a new paper scheduled to appear at SOSP '07: Protection and Communication Abstractions for Web Browsers...
  • random dross

    Security Vulnerability Research & Defense blog

    • 0 Comments
    My team now has a blog! http://blogs.technet.com/swi/ I'll be contributing to the team blog in the future. But don't worry -- my personal blog (this one) isn't going away!
  • random dross

    Video Roundup (Martin Johns and more!)

    • 3 Comments
    Recently I got Martin Johns connected with Helen Wang's group in Microsoft Research. Check out Martin's excellent talk @MSR, Secure Code Generation for Web Applications. Here are a few other gems I discovered on content.digitalwell.washington.edu...
  • random dross

    Lead my team!

    • 0 Comments
    My team (SWI React) is hiring for a lead position. Details: Job Title: Lead Software Development Engineer Job Category: Software Development Product: Trustworthy Computing Date Posted: 02...
  • random dross

    XSS Filter Improvements in IE8 RC1

    • 1 Comment
    I've just posted detail up on the SVRD Blog about some improvements and bug fixes to the XSS Filter feature in IE8 RC1.
  • random dross

    The Kill-Bit FAQ - Part 1 of 3 posted to SVRD blog

    • 0 Comments
    Check out my ActiveX Kill-Bit FAQ which is now being posted to the SVRD blog. There are three parts, the first of which is now live. Parts two and three should be up by the end of the week.
  • random dross

    Creating XSS

    • 0 Comments
    I’ve seen MS10-002 pop up a few times in discussion recently. This is a reference to the legendary issue that David Lindsay and Eduardo Vela Nava discovered, where neutering for a given heuristic actually enabled XSS, assuming attacker control of...
  • random dross

    Thoughts on Legacy Character Sets

    • 0 Comments
    One of the things I have taken from the IE XSS Filter project is a healthy fear of legacy character sets. If you've followed Chris Weber, Scott Stender, or Yosuke Hasegawa's work, you know that even Unicode is... interesting. But at least in the Unicode...
  • random dross

    Inspect Your Gadget

    • 0 Comments
    Michael Howard and I have written up some guidance on how to develop secure Vista Sidebar Gadgets: Inspect Your Gadget
  • random dross

    IE8 is here!

    • 1 Comment
    http://www.microsoft.com/ie What are you waiting for? Go get it!
  • random dross

    My blog has moved...

    My blog has moved to randomdross.blogspot.com. Please update your RSS readers, etc.
Page 2 of 2 (37 items)