csrf
Featured
March 4, 2013, No comments

Anthony Ferrara wrote on his blog a few steps to prevent CSRF attacks, as a follow-up to a discussion previously started on this blog and on Twitter. First he […]

xss-auditor
Featured
March 4, 2013, No comments

The Spanner blog posted about bypassing XSS Auditor, a tool built into Chrome and IE and enabled by default to prevent XSS attacks or just doing some weird things to your […]

skipfish-screen
Featured
March 22, 2010, 3 Comments

Google released a new security tool, Skipfish: a fully automated, active web application security reconnaissance tool. It prepares an interactive sitemap for the targeted site by carrying out a recursive […]

HTMLPurifier
Featured
June 20, 2008, 1 Comment

HTML Purifier is a standards-compliant HTML filter library written in PHP. HTML Purifier will not only remove all malicious code (better known as XSS) with a thoroughly audited, secure yet […]

Recent Posts

Plain text considered harmful: A cross-domain exploit

March 4, 2013, No comments

Benjamin Dumke-von der Ehe posted a proof of concept for a cross-domain exploit using plain text, available mainly in Firefox using Proxy objects and ...

Anthony Ferrara: Preventing CSRF Attacks

March 4, 2013, No comments

Anthony Ferrara wrote on his blog a few steps to prevent CSRF attacks, as a follow-up to a discussion previously started on this blog and on twitte ...

The Spanner Blog: Bypassing XSSAuditor

March 4, 2013, No comments

The Spanner blog posted about bypassing XSS Auditor, a tool built into Chrome and IE and enabled by default to prevent XSS attacks or just doing some we ...