Known criticisms of PHP or "how to bash a language"
A lot of things have changed since PHP 2.0, most of them for the better. But many of its faults will not be changed or cannot be changed.
7 comments | Tags: methodology, opinion, php, security
Web Applications and Software Security
Is Web application security commanding too much attention at the expense of other security issues? Gary McGraw argues that by understanding the...
0 comments | Tags: opinion, security
Rerouting Spring Security 2 Login Page Through a Spring Controller
Interestingly, a month or so after I posted my 5 Minute Guide to Spring Security 2, a commonly asked question was asked on the Spring forums. I...
0 comments | Tags: frameworks, java, security
Understanding OpenID
Understanding OpenID - from basics to advanced topics
1 comment | Tags: security
OpenID Is Here... Too Bad Users Can't Figure Out How It Works
Imagine a much friendlier internet, one where you only have to remember one password. A place where it’s easy to keep a tight grip on your personal...
4 comments | Tags: opinion, security, standards, usability
MD5 Encrypt a Password String
Never store passwords as plain text. Here is a simple function that will take a string and make it into an MD5 encryption, making the world a more...
2 comments | Tags: .net, how-to, security
Why Google Forked OpenID and Other Stories
The more I learn about OpenID, the more it reminds me of XML in that it is a suboptimal solution to the primary problem people are using it to solve....
2 comments | Tags: opinion, security, standards
Set PHP Values Using .htaccess
Did you know that you can set php.ini values right inside the .htaccess file? It’s actually very easy.
2 comments | Tags: php, security, server, tools
Script kiddies have awesome tools
About 10 years ago a friend of mine showed me an exploit. It was written in C and it tried to spawn a shell at a remote host. It seemed pretty cool. I...
3 comments | Tags: php, security
OpenSSL on WINDOWS
This post explains all the steps you need to create your own CA.
0 comments | Tags: security, tools
PHP Tutorials Utopia: 13 Vital PHP skills for every novice PHP developer and solutions
Today, I’m going to write about PHP, the most popular server-side scripting language. There are lots of articles & tutorials online that help novice...
0 comments | Tags: how-to, php, security, xml
Authgasm released! Rails authentication done right.
The last thing we need is another authentication solution for rails, right? That's what I thought. It was disappointing to find that all of the...
3 comments | Tags: frameworks, ruby, security
Microsoft Jumps on OpenID Bandwagon
Now is OpenID finally mainstream? Microsoft announced today that it will be enabling all Windows Live ID accounts — of which there are some 420...
0 comments | Tags: frameworks, microsoft, news, security
Web Application Security Best Practices
Common practices which should be followed to enhance the security of any web application.
2 comments | Tags: database, methodology, php, security
Bootstrap PHP code
PHP source code for HTTP requests funneling, used with mvc style web applications and Apache's mod rewrite. Breaks down the uri request and assigns...
0 comments | Tags: frameworks, php, security, web 2.0
Google App Engine: Announcing HTTPS support for appspot.com!
One of the most frequently requested features for App Engine has been HTTPS serving capabilities. Today we're excited to announce that App Engine now...
0 comments | Tags: announcement, security, server
'Hidden field' Captchas are crazy talk!
I was never a fan of 'hidden field' CAPTCHAs and behaviour from my log files may show that this practice can be considered 'broken'.
0 comments | Tags: css-html, security
Unlocking the Secrets of the Java Cryptography Extensions: Basics
Learn about cryptography and how to encrypt and decrypt data with the Java Cryptography Extension.
0 comments | Tags: how-to, java, security
Authentication for GWT based applications on Google App Engine
There is a way to use Java together with Google App Engine: GWT together with python-gwt-rpc. Although python-gwt-rpc has its own means to allow...
0 comments | Tags: java, javascript, python, security
Do we really need to say goodbye to MD5’s?
And on to MD5 collisions – in a previous post, I mentioned that all MD5 collisions which have thus far been documented have been “forced” and have not...
3 comments | Tags: opinion, reviews, security
Glassfish and OpenID
Currently I am working on a solution to authenticate users with an OpenID in a JEE Application running on Glassfish. I need this Integration for a...
0 comments | Tags: frameworks, java, security, server
Hashing and Salting Passwords with Spring Security 2
Use Spring Security 2 to store your user passwords securely, and authenticate against the secured passwords. This is a companion article to my "Store...
0 comments | Tags: how-to, java, open source, security
Secure MySql replication between colos over an ssh tunnel
Replicate MySql over an ssh tunnel between separate colos.
0 comments | Tags: database, how-to, security
How To: Acegi/Spring Security Integration and JSF Login Page
Everyone seems to be going through hell to get a fully functional JSF login page working with Spring Security (formerly Acegi,) and yes, I did too,...
1 comment | Tags: frameworks, how-to, java, security
sqlmap: a SQL injection tool
sqlmap is an automatic SQL injection tool developed in Python. Its goal is to detect and take advantage of SQL injection vulnerabilities on web...
1 comment | Tags: database, python, security, tools