Ten of Application Security industry’s coolest, most interesting, important, and entertaining links from the past week — in no particular order. Regularly released until year end. Then the Best of Application Security 2009 will be selected! Cross-domain search timing; HPP — What is it, and what types of attacks does it augment?
Here is the original post:
Best of Application Security (Friday, Dec. 18)
Ten of Application Security industry’s coolest, most interesting, important, and entertaining links from the past week — in no particular order. Regularly released until year end. Then the Best of Application Security 2009 will be selected! Why Chrome has No NoScript; Cross-domain search timing; A checklist approach to security code reviews; Potent malware link infects almost 300,000 webpages; HTML5 new XSS vectors; Perspective on Pentagon “Pwnage”; Cross-Site Request Forgery For POST Requests With An XML Body; Security in Syndicated and Federated Systems; IP Spoofing; How fake sites trick search engines to hit the top. WhiteHat Security is a leading provider of website security services
See more here:
Best of Application Security (Friday, Dec. 11)
Ten of Application Security industry’s coolest, most interesting, important, and entertaining links from the past week — in no particular order. Regularly released until year end. Then the Best of Application Security 2009 will be selected! OWASP Top Ten 2010 and The Principles of Secure Development; Major IE8 flaw makes ‘safe’ sites unsafe & NoScript author’s response; DNS Rebinding for Scraping and Spamming; Reversing JavaScript Shellcode: A Step By Step How-To; Brute-Forcing Compatibility; Preventing Security Development Errors: Lessons Learned at Windows Live by Using ASP.NET MVC; OWASP Board - Election Results; Announcing ModSecurity Handbook; ESAPI Web Application Firewall released!; OWASP Top Ten and ESAPI & Part 2.
Ten of Application Security industry’s coolest, most interesting, important, and entertaining links from the past week — in no particular order. Regularly released until year end. Then the Best of Application Security 2009 will be selected! Another fine method to exploit SQL Injection and bypass WAF; Security and Facebook Platform; When Is More Important Than Where in Web Application Security; Apple - XSS Attack; Cross-subdomain Cookie Attacks; PILOT: Production in lieu of testing (AgoraCart FAIL); Facebook and MySpace security: backdoor wide open, millions of accounts exploitable; SSL and TLS Authentication Gap vulnerability discovered; Using Blended Browser Threats involving Chrome to steal files on your computer; LinkedIN With ‘Bill Gates’.
Note: Delayed due to travel requirements. Ten of Application Security industry’s coolest, most interesting, important, and entertaining links from the past week — in no particular order. Regularly released until year end.
See the article here:
Best of Application Security (Friday, Oct. 16)
Ten of Application Security industry’s coolest, most interesting, important, and entertaining links from the past week — in no particular order. Regularly released until year end.
See original here:
Best of Application Security (Friday, Oct. 2)
Ten of Application Security industry’s coolest, most interesting, important, and entertaining links from the past week — in no particular order. Regularly released until year end.
Follow this link:
Best of Application Security (Friday, Aug. 21)
Ten of Application Security industry’s coolest, most interesting, important, and entertaining links from the past week — in no particular order. Regularly released until year end
The rest is here:
Best of Application Security (Friday, Aug. 14)