Posts Index

A few dusty posts remain in the archive. If you’re interested in ASW episodes, check out this index.

How I Conduct Podcast Prep Calls
Feb 3, 2023
Some Appsec Haikus
Dec 15, 2022
The Fourth Year of the Fourth Edition
Jan 14, 2018
A Week of Security Should Last All Year
Jul 24, 2017
I'll ne'er look you i' the plaintext again
May 3, 2016
You've Violated APE Law!
Mar 18, 2016
Laws of Magic, Technology, and Appsec
Feb 12, 2016
Bad Code Entitles Good Exploits
Sep 9, 2014
A Monstrous Confluence
May 10, 2014
Soylent Grün ist Menschenfleisch
Dec 27, 2013
Selector the Almighty, Subjugator of Elements
Dec 3, 2013
A Default Base of XSS
Oct 21, 2013
On a Path to HTML Injection
Sep 25, 2013
DRY Fiend (Conjuration/Summoning)
Aug 27, 2013
Two Hearts That Beat As One
Jun 24, 2013
A True XSS That Needs To Be False
Jun 18, 2013
A Hidden Benefit of HTML5
Jun 14, 2013
JavaScript: A Syntax Oddity
Jun 5, 2013
The Wrong Location for a Locale
Mar 28, 2013
Insistently Marketing Persistent XSS
Mar 21, 2013
Plugins Stand Out
Mar 14, 2013
Condign Punishment
Mar 5, 2013
Implicit HTML, Explicit Injection
Feb 5, 2013
Know Your JavaScript (Injections)
Jan 23, 2013
A Lesser XSS Attack Greater Than Your Regex Security
Jan 14, 2013
TOCTOU Twins
Dec 26, 2012
HIQR for the SPQR
Dec 5, 2012
Escape from Normality
Oct 2, 2012
My Zombie Incursion into Amazon.com
Sep 21, 2012
LinkedIn, HashedOut
Jun 7, 2012
Design vs. Implementation
Jun 5, 2012
O[Utf-8]12
Mar 6, 2012
The Twelve Web Security Truths
Nov 16, 2011
Will the Real APT Please Stand Up?
Jun 16, 2011
Advanced Persistent Ignorance
Apr 14, 2011
Electric Skillet
Dec 11, 2010
Carborundum Saw
Dec 11, 2010
Regex-based security filters drift without anchors
Jun 15, 2010
Cross-Site Tracing (XST): The misunderstood vulnerability
May 18, 2010
At about this time...
May 8, 2010
Is a vuln without a useful exploit still a vuln?
May 7, 2010
Primordial cross-site scripting (XSS) exploits
Feb 19, 2010
Earliest(-ish) hack against web-based email
Jan 4, 2010