Subscribe: RETURN $ecure;
http://kyran.wordpress.com/feed/

RETURN $ecure;

Security, Technology and Life

Last Build Date: Mon, 09 Apr 2018 21:32:47 +0000

PowWeb passwords
Author: Kyran

Tue, 20 May 2008 16:09:39 +0000

Just another rant about a remotely possible scenario. Earlier this week I had forgotten the password to the control panel of one of my sites. I went to recover the password and found out, to my dismay, that you can use domains to actually change the password. I was curious so I put my domain […]


Enabling CSRF
Author: Kyran

Sat, 03 May 2008 02:34:12 +0000

There was some talk on the WASC mailing list about CSRF recently, specifically with how to defeat tokens/nonce-based defenses. I have wanted to write about this for a while but haven’t had the time. A quick rundown of the threads: people simply claimed that using XSS and other attacks to perform CSRF was the way to […]


90% Exploitable – Is this progress?
Author: Kyran

Thu, 10 Apr 2008 08:19:59 +0000

It’s been nearly three years since many of us estimated that 9 out of 10 sites had at least one flaw while most had more. I have not been too active in the security world as of late (though this will change soon!), but I would have hoped we would have made some […]


CSRF ramblings
Author: Kyran

Tue, 19 Feb 2008 02:41:28 +0000

I was reading over this post by Robert Hansen of SecTheory just after reading a post of mine about Opera phone integration. It got me to thinking, specifically this part. It will also have phone to tag support, which basically turns any numbers formatted like a phone number into a link, when it’s clicked the […]


Enabling Urchin
Author: Kyran

Fri, 04 Jan 2008 00:27:55 +0000

Urchin, more commonly known as Google Analytics, is web analytics software that measures many statistics and helps you to understand them by presenting the results in various ways. It’s also closely tied to Google AdWords now. But as it becomes more well known, people that are concerned about privacy and targeted advertising are blocking […]


UserJS URL Sanitizing
Author: Kyran

Thu, 22 Nov 2007 01:03:18 +0000

I was reading a post by RSnake over at Darkreading and got to thinking about client-side security. There seems to be very little we can do against most things for the average user. NoScript is fine for a tech-minded individual, but the average user will probably forget about it and wonder why a site is […]


Mobile Zombies, XSSWW, hack the planet?
Author: Kyran

Thu, 15 Nov 2007 03:02:28 +0000

Warning, this post may be long, rant-like and totally off-target. 😛 While using bi-directional persistent communication channels to control browsers isn’t anything new, nor is the concept of a Cross Site Scripting Warhol Worm, recently I have been thinking about them again. First off, earlier I was discussing in the #slackers irc channel, a […]


WASWiki and my return.
Author: Kyran

Wed, 14 Nov 2007 06:35:02 +0000

I was going to originally post about ideas for learning grounds for web application security. But the sla.ckers IRC (#slackers on irc.irchighway.net) pointed me first to OWASP. I realized this was quite a goldmine of information already, but it doesn’t seem too newb friendly, plus much of it seems to be theory more than direct examples. […]


The Murky Science of Web Application Security
Author: Kyran

Mon, 14 May 2007 18:00:37 +0000

Jeremiah had a talk with Simson Garfinkel about Web Application Security recently. You can read Jeremiah’s post here and the full article here. There is nothing new at all from a security perspective in this article, but it really lives up to its name as an introduction to Web App Sec. It points out a few things we already knew, such as the scary fact that up to 80 percent of all websites suffer from some sort of vulnerability. The ones that don’t are mostly static HTML sites and have no complex backend, ‘brochure-ware’ as the article calls it. It also elaborates on some of the issues that […]


Opera to support HttpOnly
Author: Kyran

Thu, 10 May 2007 20:37:43 +0000

Heya. I haven’t blogged in a while but I do want to start getting back into it. So, we’ll start with something small. I read this article the other day about updates coming to Opera in 9.5 and was pleasantly surprised to read that it will support HttpOnly cookies. Now, if you don’t know what that is I’ll give a quick run-down. Normally, cookies are able to be accessed through scripts with things like document.cookie in […]
