IBM Application Security Insider

Archives

  • January 2012
  • November 2011
  • October 2011
  • September 2011
  • August 2011
  • January 2011
  • November 2010
  • March 2010
  • November 2009
  • October 2009
  • July 2009
  • June 2009
  • May 2009
  • April 2009
  • February 2009
  • January 2009
  • December 2008
  • October 2008
  • September 2008
  • July 2008
  • June 2008
  • May 2008
  • March 2008
  • January 2008
  • December 2007
  • November 2007
  • October 2007
  • September 2007
  • August 2007
  • July 2007
  • June 2007
  • May 2007

Categories

  • AJAX Security
  • Books
  • Hypes
  • Info Bits
  • Public Site Vulnerability Research
  • Research
  • Security Wars - A New Hope
  • Web Application Scanners
  • Web Application Security
  • Web Application Threat Classification

Recent Posts

  • Microsoft Anti-XSS Library Bypass (MS12-007)
  • Testing RESTful Services with AppScan Standard
  • Through the Looking-Glass
  • JSON-based XSS exploitation
  • DNS poisoning via Port Exhaustion
  • Google App Engine Code Execution Vulnerability (CVE-2011-1364)
  • Dolphin Browser HD Cross-Application Scripting
  • Opera Mobile Cache Poisoning XAS
  • The Ultimate Web App Security Scanner Comparison Published - AppScan Standard Leads the Pack
  • Android Browser Cross-Application Scripting (CVE-2011-2357)

Application Security Links

  • Watchfire
  • AppScan eXtensions Framework
  • Download AppScan
  • WASC
  • OWASP
  • MITRE CWE
  • NIST SAMATE
  • CGISecurity

Other Blogs We Read

  • Security Bytes
  • Michael Howard's Blog
  • Jeremiah Grossman
  • Anurag Agarwal's Blog
  • GNUCITIZEN
  • Denim Group Blog
  • Disenchant's Blog
  • ha.ckers.org
  • Zero Day (Ryan Naraine) - ZDNet blog
  • Dragos Lungu Dot Com
  • Observations of a digitally enlightened mind
  • Matasano Chargen
  • Romain Gaucher's blog (Deep Inside ' OR 1=1--/*)
  • Computer Defense
  • Application Security Space (IBM developerWorks)