Posts Index

A few dusty posts remain in the archive. If you’re interested in ASW podcast episodes, check out this index.

• Moving on from the OWASP Top 10
  Mar 30, 2023
• Celebrating Curl's 25th Anniversary
  Mar 20, 2023
• How I Conduct Podcast Prep Calls
  Feb 3, 2023
• Some Appsec Haikus
  Dec 15, 2022
• The Fourth Year of the Fourth Edition
  Jan 14, 2018
• A Week of Security Should Last All Year
  Jul 24, 2017
• Builder, Breaker, Blather, Why
  Mar 20, 2017
• Why You Should Always Use HTTPS
  May 31, 2016
• I'll ne'er look you i' the plaintext again
  May 3, 2016
• You've Violated APE Law!
  Mar 18, 2016
• Laws of Magic, Technology, and Appsec
  Feb 12, 2016
• Bad Code Entitles Good Exploits
  Sep 9, 2014
• A Monstrous Confluence
  May 10, 2014
• Soylent Grün ist Menschenfleisch
  Dec 27, 2013
• Selector the Almighty, Subjugator of Elements
  Dec 3, 2013
• A Default Base of XSS
  Oct 21, 2013
• On a Path to HTML Injection
  Sep 25, 2013
• DRY Fiend (Conjuration/Summoning)
  Aug 27, 2013
• Oh, the Secrets You'll Know
  Aug 20, 2013
• Two Hearts That Beat As One
  Jun 24, 2013
• A True XSS That Needs To Be False
  Jun 18, 2013
• A Hidden Benefit of HTML5
  Jun 14, 2013
• JavaScript: A Syntax Oddity
  Jun 5, 2013
• The Wrong Location for a Locale
  Mar 28, 2013
• Insistently Marketing Persistent XSS
  Mar 21, 2013
• Plugins Stand Out
  Mar 14, 2013
• Condign Punishment
  Mar 5, 2013
• Implicit HTML, Explicit Injection
  Feb 5, 2013
• Know Your JavaScript (Injections)
  Jan 23, 2013
• User Agent. Secret Agent. Double Agent.
  Jan 21, 2013
• A Lesser XSS Attack Greater Than Your Regex Security
  Jan 14, 2013
• TOCTOU Twins
  Dec 26, 2012
• HIQR for the SPQR
  Dec 5, 2012
• Escape from Normality
  Oct 2, 2012
• My Zombie Incursion into Amazon.com
  Sep 21, 2012
• LinkedIn, HashedOut
  Jun 7, 2012
• Design vs. Implementation
  Jun 5, 2012
• O[Utf-8]12
  Mar 6, 2012
• The Twelve Web Security Truths
  Nov 16, 2011
• Will the Real APT Please Stand Up?
  Jun 16, 2011
• Klingon, Quenya, or Sindarin?
  Jun 1, 2011
• CSRF and Beyond
  Apr 26, 2011
• Advanced Persistent Ignorance
  Apr 14, 2011
• Electric Skillet
  Dec 11, 2010
• Carborundum Saw
  Dec 11, 2010
• Regex-based security filters drift without anchors
  Jun 15, 2010
• Cross-Site Tracing (XST): The misunderstood vulnerability
  May 18, 2010
• At about this time...
  May 8, 2010
• Is a vuln without a useful exploit still a vuln?
  May 7, 2010
• Of the 2010 OWASP Top 10, Only 3 Not Common, Only 1 Hard To Detect
  Apr 22, 2010
• Primordial cross-site scripting (XSS) exploits
  Feb 19, 2010
• An Alien Concept of Password Security
  Feb 17, 2010
• Earliest(-ish) hack against web-based email
  Jan 4, 2010
• So...so you think you can tell
  Jul 30, 2008