The Fourth Year of the Fourth Edition

One Week Lasts All Year

Builder, Breaker, Blather, Why.

I'll ne'er look you i' the plaintext again

You've Violated APE Law!

Bad Code Entitles Good Exploits

A Monstrous Confluence

Audit Accounts, Partition Passwords, Stay Secure

Soylent Grün ist Menschenfleisch

Selector the Almighty, Subjugator of Elements

A Default Base of XSS

DRY Fiend (Conjuration/Summoning)

...And They Have a Plan

The Resurrected Skull

Two Hearts That Beat As One

A True XSS That Needs To Be False

A Hidden Benefit of HTML5

JavaScript: A Syntax Oddity

The Wrong Location for a Locale

Insistently Marketing Persistent XSS

Plugins Stand Out

Condign Punishment

Implicit HTML, Explicit Injection

Know Your JavaScript (Injections)

User Agent. Secret Agent. Double Agent.

HIQR for the SPQR

Escape from Normality

Password Interlude in D Minor

LinkedIn, HashedOut

Parsing .NET ViewState

Will the Real APT Please Stand Up?

A Spirited Peek into ViewState, Part II

A Spirited Peek into ViewState, Part I

CSRF and Beyond

Electric Skillet

Carborundum Saw

Regex-based security filters sink without anchors

At about this time...

Is a vuln without a useful exploit still a vuln?

30% of the 2010 OWASP Top 10 not common, only 1 not hard to detect

Primordial cross-site scripting (XSS) exploits

The alien concept of password security