CWE/SANS 25 Most Dangerous Programming Mistakes

Posted by Mike on Jan 13th, 2009

A new list of the most dangerous programming mistakes was released today by the SANS Institute. This is a great followup to the OWASP Top 10. The list of potential application security flaws is broken up into three sections, one each for application component interaction, resource management, and weak defenses.

CATEGORY: Insecure [...]


Tamper-proof python dictionary

Posted by Mike on Sep 22nd, 2008

Sometimes the need arises to pass a Python list, tuple, dictionary, etc. from one page to another. If you do not have a session service to hold it, the object may need to pass through an HTTP request (in a cookie or GET/POST parameter), opening the possibility of tampering. Without some precautions, a serious [...]


On my mind today

Posted by Mike on Sep 17th, 2008

I’ve got some ideas that I need to find time to work on. In no particular order:

Port MockMe to the Dojo javascript framework
Utilize browser history sniffing to build a generalized user segmentation framework
Write a Ubiquity plugin for spreeder (to easily speed read a page in Firefox)
Port OWASP’s AntiSamy project to Python, to provide comprehensive [...]

