Jeremiah Grossman

A page to show up #1 on Google when searching for "Jeremiah" (Currently #4).
Only the prophet and TV show left!
I have the edge, TV show is cancelled and the prophet isn't generating any new content.

The prophet, TV show, and that pesky Owyang guy going down!
A page to show up #1 on Google when searching for "Jeremiah Grossman", and it FINALLY has!

Friday, April 16, 2010

Best of Application Security (Friday, Apr. 16)

Ten of Application Security industry's coolest, most interesting, important, and entertaining links from the past week -- in no particular order.
  • Apache Foundation Hit by Targeted XSS Attack + Internal investigation + Associated Atlassian breach
  • CSRF Isn’t A Big Deal - Duh!
  • Network Solutions Hack: Secure File Permissions Matter + Sucuri Analysis
  • OWASP RFP Criteria Project
  • IE 8 Security Features Could Be Turned Against Users + Slides & PoC
  • Next-Generation Clickjacking Attacks Revealed + Tool
  • Brokerage Firm Fined $375,000 for Unsecured Data
  • Researcher Uncovers (Another) Major Facebook Security Exploit
  • New Full Disclosure, Website Vulnerabilities Database
  • Chrome Phishing
  • 5 Reasons HTTPOnly won't save you
Posted by Jeremiah Grossman at 3:00 PM

0 comments:

Post a Comment

Newer Post Older Post Home
Subscribe to: Post Comments (Atom)

About Me

My Photo
Jeremiah Grossman
Jeremiah Grossman is the founder and Chief Technology Officer of WhiteHat Security [My Resume]
View my complete profile

Subscribe

Posts
Atom
Posts
Comments
Atom
Comments

Presentations

  • Mo' Money Mo' Problems
  • Get Rich or Die Trying
  • Top Ten Web Hacking Techniques (2008)
  • Website Security Statistics Report (Q1'09)

White Papers

  • Website Security 101
  • Vulnerability Assessment Plus Web Application Firewall (VA+WAF)
  • Technology Alone cannot Defeat Website Attacks: Understanding Technical vs. Logical Vulnerabilities
  • Top 5 Myths of Website Security
  • Seven Business Logic Flaws That Put Your Website At Risk
  • Cross Site Scripting (XSS) Worms and Viruses
  • Cross Site Request Forgery (CSRF)
  • Automated Scanning vs the OWASP Top Ten
  • 10 Things You Should Know about Website Security

Twitter Updates (@jeremiahg)

Twitter Updates

    follow me on Twitter

    (IN)SECURE Magazine

    (IN)SECURE Magazine

    My Links

    • WhiteHat Security
    • Web Application Security Consortium
    • GGAFL
    • OWASP [San Jose]
    • CGI Security
    • ha.ckers.org
    • Maui Tours
    • Maui Real Estate

    Blog Archive

    • ►  2012 (1)
      • ►  January (1)
        • TEDxMaui -- Hack Yourself First
    • ►  2011 (18)
      • ►  December (1)
        • Terrified
      • ►  June (1)
        • How I got my start -- in Brazilian Jiu-Jitsu
      • ►  May (1)
        • Web security content moving to new WhiteHat Securi...
      • ►  March (3)
        • Sentinel SecurityCheck
        • 11th WhiteHat Website Security Statistic Report: W...
        • Robert “RSnake” Hansen, age 34, has passed away, o...
      • ►  February (5)
        • Top Ten Web Hacking Techniques of 2011
        • BINGO! for Application Security
        • Web Browsers and Opt-In Security
        • Remote participation for the 2011 OWASP Summit
        • Do-Not-Track (How about piggybacking on the User-A...
      • ►  January (7)
        • Travel the World, Meet new People, and Fight them
        • Top Ten Web Hacking Techniques of 2010 (Official)
        • How-to send HTML email, XSS testing WebMail system...
        • The Application Security Spending Conundrum
        • Final Fifteen - Web Hacking Techniques
        • Open letter to OWASP
        • Vote Now! Top Ten Web Hacking Techniques of 2010
    • ▼  2010 (62)
      • ►  December (9)
        • Which mountain would you rather climb?
        • Bug Bounty Programs comes to Website Security: Wha...
        • Sandboxing: Welcome to the Dawn of the Two-Exploit...
        • Why Speed & Frequency of Software Security Testing...
        • DO NOT Poke the Bear
        • Spoofing Google search history with CSRF
        • Internet Explorer 9 ad blocking via "Tracing Prote...
        • Google rewards the first set of reserachers in the...
        • Website Monocultures and Polycultures
      • ►  November (2)
        • Prizes for the Top Ten winners
        • Calling all security researchers! Submit your new ...
      • ►  October (1)
        • Killing the Evercookie (Google Chrome w/o Restart)...
      • ►  September (3)
        • The Safari AutoFill hack LIVES!
        • Website Security Statistics Report (2010) - Indust...
        • Our infrastructure -- Assessing Over 2,000 website...
      • ►  August (2)
        • Website Vulnerability Assessments: Good, Fast, or ...
        • Breaking Browsers: Hacking Auto-Complete (All Mate...
      • ►  July (5)
        • In Firefox we can’t read auto-complete, but we can...
        • Patching auto-complete vulnerabilities not enough,...
        • Stealing AutoComplete form data in Internet Explor...
        • I know who your name, where you work, and live (Sa...
        • Third-Party Web Widget Security FAQ
      • ►  June (5)
        • Full-Disclosure, Our Turn
        • In a cyber-war, we fight for economic well-being
        • The Low Hanging Fruit scanner strategy can get you...
        • anti-waf-software-security-only-zealotry
        • Microsoft security IS “good enough” and that’s the...
      • ►  May (3)
        • Replacing Happiness with Pride (Rugged)
        • Ceding the desktop security battle, almost the war...
        • Time to start blogging again...
      • ▼  April (3)
        • Best of Application Security (Friday, Apr. 16)
        • Best of Application Security (Friday, Apr. 9)
        • Best of Application Security (Friday, Apr. 2)
      • ►  March (6)
      • ►  February (12)
      • ►  January (11)
    • ►  2009 (75)
      • ►  December (7)
      • ►  November (5)
      • ►  October (8)
      • ►  September (5)
      • ►  August (11)
      • ►  July (6)
      • ►  June (4)
      • ►  May (5)
      • ►  April (4)
      • ►  March (4)
      • ►  February (5)
      • ►  January (11)
    • ►  2008 (117)
      • ►  December (6)
      • ►  November (2)
      • ►  October (2)
      • ►  September (8)
      • ►  August (8)
      • ►  July (10)
      • ►  June (16)
      • ►  May (16)
      • ►  April (19)
      • ►  March (11)
      • ►  February (4)
      • ►  January (15)
    • ►  2007 (195)
      • ►  December (5)
      • ►  November (19)
      • ►  October (11)
      • ►  September (10)
      • ►  August (13)
      • ►  July (22)
      • ►  June (17)
      • ►  May (25)
      • ►  April (18)
      • ►  March (21)
      • ►  February (12)
      • ►  January (22)
    • ►  2006 (123)
      • ►  December (11)
      • ►  November (21)
      • ►  October (20)
      • ►  September (29)
      • ►  August (16)
      • ►  July (15)
      • ►  June (3)
      • ►  January (8)
    • ►  2005 (99)
      • ►  November (2)
      • ►  October (3)
      • ►  September (5)
      • ►  August (9)
      • ►  July (14)
      • ►  June (15)
      • ►  May (13)
      • ►  April (9)
      • ►  March (11)
      • ►  February (7)
      • ►  January (11)
    • ►  2004 (14)
      • ►  December (7)
      • ►  November (6)
      • ►  June (1)
    • ►  2001 (2)
      • ►  November (1)
      • ►  March (1)
    Picture Window template. Powered by Blogger.