Well, what an interesting weekend. A cold, working like a slave, and one of my co-workers is a father for the first time (Congrats, Ty!). But that’s not the most interesting news. I will be taking sole ownership of my forum, Aussieveedubbers, sometime this week. This means that I will have to spend a bit…
Using ASVS for real
The last time I talked about OWASP’s new Application Security Verification Standard, I had performed a Level 2B-3 review of my forum software, UltimaBB. This time, I’m working on a real project for a real customer. It’s been interesting. Level 1A and, in particular, 1B have been emasculated. I’m not really sure of the value…
HttpOnly in Safari 4.0 (release)
Good news! Safari 4.0 has: support for read-only HttpOnly protection, and XMLHttpRequest read protection for set-cookie, set-cookie2, and GetAllResponseHeaders! It does not protect against cookie writing. Test script here: http://greebo.net/owasp/httponly.php This is a great improvement! Now all major browsers support HttpOnly in some form. Thanks, Andrew
Stupid libel laws
This is disgusting. http://www.newscientist.com/article/mg20227086.200-comment-dont-criticise-or-well-sue.html If you’re in the UK, stand up to the legal bullies. Ask your MP to change the libel laws to reverse the burden of proof, and only allow actual UK citizens (and not companies or associations – foreign or not) the ability to sue. I was once sued for defamation and…
Pretty is not necessarily secure
I feel sorry for folks trying their hardest to be something they’re not. It’s time for me to put something down I’ve been saying at conferences for years. If you’re not a programmer or developer by trade, please don’t write software or web apps. Dreamweaver does not maketh you a programmer. Ajax is not a…
Validating ASVS 1.0 beta using a PHP application
A long, long time ago, I took on running Aussieveedubbers, a forum based around the love of Volkswagens. We were on EzBoard, where the adverts and performance sucked so bad, that free was no longer acceptable. Over many iterations, I now run UltimaBB, a derivative of XMB. I had various titles – including lead programmer…
OWASP EU 2009 Coming Soon!
OWASP EU 2009 is coming up! This year, it’s held in Kraków, Poland. Time to book! Program highlights: Keynote: Ross Anderson from Cambridge University. I’ve wanted to meet Ross for many years. Those guys are legends! Keynote: Bruce Schneier. I bet there are groupies. w3af – Andrés Riancho. This is one of the best free toolkits I’ve tried…
OWASP Melbourne tonight!
I am appearing at OWASP Melbourne tonight. Come along and enjoy my take on protecting business value.
Texas School Board of Education ^W Dumbasses
SHAME! SHAME! SHAME! Texas’ Board of Education will be ridiculed by pretty much everyone (including me in this post). I would make more fun of them if the consequence of their gross incompetence didn’t lead directly to irreparable harm to the next ten years’ worth of students who will be unemployable in any medical, biomedical, biology, DNA testing,…
Baby Girl Makes 21,710,079
Mackenzie is now an Australian citizen. Awesome.