Ten of Application Security industry’s coolest, most interesting, important, and entertaining links from the past week — in no particular order. Regularly released until year end. Then the Best of Application Security 2009 will be selected!
- Cross-domain search timing
- HPP — What is it, and what types of attacks does it augment?
Here is the original post:
Best of Application Security (Friday, Dec. 18)
Ten of Application Security industry’s coolest, most interesting, important, and entertaining links from the past week — in no particular order. Regularly released until year end. Then the Best of Application Security 2009 will be selected!
- Why Chrome has No NoScript
- Cross-domain search timing
- A checklist approach to security code reviews
- Potent malware link infects almost 300,000 webpages
- HTML5 new XSS vectors
- Perspective on Pentagon “Pwnage”
- Cross-Site Request Forgery For POST Requests With An XML Body
- Security in Syndicated and Federated Systems
- IP Spoofing
- How fake sites trick search engines to hit the top

WhiteHat Security is a leading provider of website security services
See more here:
Best of Application Security (Friday, Dec. 11)
Ten of Application Security industry’s coolest, most interesting, important, and entertaining links from the past week — in no particular order. Regularly released until year end. Then the Best of Application Security 2009 will be selected!
- Another fine method to exploit SQL Injection and bypass WAF
- Security and Facebook Platform
- When Is More Important Than Where in Web Application Security
- Apple - XSS Attack
- Cross-subdomain Cookie Attacks
- PILOT: Production in lieu of testing (AgoraCart FAIL)
- Facebook and MySpace security: backdoor wide open, millions of accounts exploitable
- SSL and TLS Authentication Gap vulnerability discovered
- Using Blended Browser Threats involving Chrome to steal files on your computer
- LinkedIN With ‘Bill Gates’
Continued here:
Best of Application Security (Friday, Oct. 30)
Note: Delayed due to travel requirements. Ten of Application Security industry’s coolest, most interesting, important, and entertaining links from the past week — in no particular order. Regularly released until year end.
See the article here:
Best of Application Security (Friday, Oct. 16)
Ten of Application Security industry’s coolest, most interesting, important, and entertaining links from the past week — in no particular order.
View original post here:
Best of Application Security (Friday, Sep. 25)
Ten of Application Security industry’s coolest, most interesting, important, and entertaining links from the past week — in no particular order. Regularly released until year end.
See the original post here:
Best of Application Security (Friday, Sep. 11)