November 2007 - Posts

JavaScript strings immutable in Rhino???
28 November 07 06:19 AM | Billy | 1 Comments   
Update: Hmmm. I think I'm looking at the wrong thing. This needs more testing/tracing to see exactly what's going on. Just a quick update from yesterday's post. It appears that Mozilla Rhino (a JavaScript interpreter written in Java) uses Java's Read More...
[snarfs coffee]... wait, What are you doing?
27 November 07 08:13 AM | Billy | 6 Comments   
While reading through an article about Firefox 3 on Security Focus today I snarfed my drink when I read the following passage: The group also rewrote the Password Manager in JavaScript from C++ to eliminate memory errors, Schroepfer said. Digging a little Read More...
Digging into ASP.NET RegEx Validators
20 November 07 02:01 PM | Billy | 1 Comments   
RegEx Validators are handy for implementing Whitelist input validation (our DevInspect product has a library of a hundred or so) so it pays to see what they actually do under the covers. The following code is from the class System.Web.UI.WebControls.RegularExpressionValidator Read More...
Analysis of Larry Suto's comparative case study
12 November 07 10:52 AM | jbforristal | 2 Comments   
[Update: PDF attachment download is working now] In October 2007, Larry Suto released a case study entitled “Analyzing the Effectiveness and Coverage of Web Application Security Scanners,” available for reading at http://www.stratdat.com/webscan.pdf Read More...
Ajax Security more than Increased Attack Surface
07 November 07 12:29 PM | Billy | 3 Comments   
I got an email from Christ1an the other day asking me what Ajax Security was all about. I was just going to send him the table of contents to the book, but I thought it might be educational to see how the components of Ajax security relate, and where Read More...