Ten of Application Security industry’s coolest, most interesting, important, and entertaining links from the past week — in no particular order. Regularly released until year end. Then the Best of Application Security 2009 will be selected! Why Chrome has No NoScript Cross-domain search timing A checklist approach to security code reviews Potent malware link infects almost 300,000 webpages HTML5 new XSS vectors Perspective on Pentagon “Pwnage” Cross-Site Request Forgery For POST Requests With An XML Body Security in Syndicated and Federated Systems IP Spoofing How fake sites trick search engines to hit the top WhiteHat Security is a leading provider of website security services

See more here:
Best of Application Security (Friday, Dec. 11)