Attack vector for Windows Genuine Disadvantage

The other day, WGA decided that my volume licensed copy of Visio was a pirated copy. This is laughable… and annoying. Luckily, the situation sorted itself out; I have Visio 2007 installed and I was able to use that until Microsoft used the rubber hose on WGA’s servers. But it got me to thinking how […]

Reviewing Spring Web Flow apps (and JSTL and Spring Framework)

Well, I’ve just had the (somewhat dubious) pleasure of reviewing my first Spring Web Flow app. Initially, I thought ARRRRGH Aspect Oriented Programming (AOP) dudes are on crack… and then I got the Kool-Aid. Here’s the low down for all you l33t code reviewers: it makes doing code reviews extremely hard … and extremely easy. […]

Ajax Security

Good news, everyone! I’m writing a new book on Ajax Security. You can follow development at I am looking for a co-author to bring the book to fruition faster (and to avoid marital breakdown!), so if you’re interested and have lots of Ajax and security experience (20 years or better!) and have the mad […]