« What The Fuzz Are You Talking About?! | Main | Dangling the Pointer for Fun and Profit - BH USA 2007 »

May 30, 2007



Indeed -- Justin Schuh and Gervase Markham have some good posts on that topic:


The more discussion about how we can actually start /fixing/ the mess that is web applications and browsers, the better.


Thanks for the links Jordan.

The last OWASP AppSec conference that was held in Milan, had an interesting panel on the subject of "What is needed to fix web app sec vulnerabilities once and for all?".

At the panel, the panelists played around with the idea of improving HTTP, and adding inherent support for 'state'. the idea was that applications and browsers will communicate session state information on a separate SSL channel, instead of using cookies or parameters inside HTTP messages.

The comments to this entry are closed.

Follow us on Twitter

AppScan Free Trial

Try IBM Security AppScan software at no charge.

Become a Fan