Ten of the Application Security industry’s coolest, most interesting, important, and entertaining links from the past week — in no particular order.

Bypassing CSRF protections with ClickJacking and HTTP Parameter Pollution
Three Steps to a Rational Security Budget
Hackvertor and JSReg
Multiple DOM-Based XSS in Dojo Toolkit SDK
Weak security ID questions put e-mail at risk
XSS demo for stealing passwords from the Firefox password manager
…because you can’t get enough of clickjacking
A gentle introduction to return-oriented programming
Facebook Adds Code for Clickjacking Prevention
Notes Richard Bejtlich OWASP Podcast

WhiteHat Security is a leading provider of website security services.
View original post here:
Best of Application Security (Friday, Mar. 12)