Bryan Sullivan's Web Blog
Thoughts on web application security
REST and XSRF, Part One
15 August 08 04:46 PM | bryansul | 1 comment
Hi everyone. In case you missed my talk at Black Hat, “REST for the Wicked”, I wanted to give you the Cliffs Notes version here. This will be a two-part post; the first will deal with attack techniques and the second will describe appropriate design
Show some respect to XSS
11 June 08 05:48 PM | bryansul | 1 comment
StickyMinds.com has just posted an article of mine on the dangers of XSS. (Although they still have my old bio from when I worked at HP; I'll have to get that changed!)
SQL injection in classic ASP
30 May 08 05:05 PM | bryansul | 0 comments
In light of the recent wake of SQL injection attacks on ASP sites, I'd like to highlight some relevant resources for learning about and responding to the threat. Bala Neerumalla has written a detailed document for preventing SQL injection in ASP (that
Web Application Firewalls in Practice - or - Yes, Jeremiah, Secure Software Does Matter
19 May 08 05:01 PM | bryansul | 2 comments
There's been a lot of renewed interest in web application firewalls lately. In the past, I haven't been a huge fan of WAFs - they always seemed to me to be just a band-aid stuck on the sucking chest wound of insecure code. But I bumped into Jeremiah Grossman
Cross-domain XHR will destroy the internet
04 April 08 09:23 PM | bryansul | 5 comments
Ok, maybe “destroy the internet” is a little harsh. But let’s take a look at the impact that implementation of the current W3C working draft for cross-domain access would have on browser security. Some people might argue that there’s no more risk from cross-domain
BlueHat shows some love to web app security
24 March 08 09:43 PM | bryansul | 3 comments
If you haven't heard yet, BlueHat v7 is dedicating the entire block of morning sessions to web app security issues. I'll be there, talking about my first 30 days as the new web app sec guy on the SDL team. Hope to see you there!