Random encounters for infosec, music, horror, movies, RPGs, and more.

Check out the Application Security Weekly podcast.

Posts below have been edited and updated from their original version. More entries are in the archive.

Posts

• February 12, 2016

  Laws of Magic, Technology, and Appsec

• January 14, 2013

  A Lesser XSS Attack Greater Than Your Regex Security

• September 21, 2012

  My Zombie Incursion into Amazon.com

• June 5, 2012

  Design vs. Implementation

• November 16, 2011

  The Twelve Web Security Truths

• April 14, 2011

  Advanced Persistent Ignorance

• May 18, 2010

  Cross-Site Tracing (XST): The misunderstood vulnerability

• January 4, 2010

  Earliest(-ish) hack against web-based email

subscribe via RSS