Here are the slides I used for my presentation at RSA 2011 Europe. The topic was HTML5 with an emphasis on distinguishing between HTML5 features that may present vulnerabilities vs. how HTML5 would simply be leveraged as part of older exploits. It also touches on broader aspects of web security such as design vs. implementation issues, the […]
It’s not quite a Spinal Tap moment, but here’s a curious translation via Google. Here’s the text from the original article[1]: “Given the types of hacks that made the news in the last 12 months it’s not surprising that SQL Injection is high on the list,” Mike Shema, engineering lead for the Qualys Web application […]
The Advanced Persistent Threat (APT) is now competing with Cyberwar for reign as security word(s) of the year. It would have been nice if we had given other important words like HTTPS[1] or Prepared Statements their chance to catch enough collective attention to drive security fixes. Alas, we still deal with these fundamental security problems […]
I have a new article[1] on Mashable regarding the importance of having https:// in front of the web sites you visit. I finished that article and its linguistic metaphor a few days before coming across an article[2] on El Reg that describes research[3] showing the feasibility of identifying language patterns over encrypted channels. One goal […]
DEFCON 18 is coming up from Friday July 30th to Sunday August 1st in Las Vegas. They always have cool badges so you should at least sign up just for that. If badges aren’t enough to whet your appetite, think about how much fun you might have learning about “Securing MMOs: A Security Professional’s View […]
The Tech Herald has an article on the recently updated OWASP Top 10 Web Application Security Risks. The article discusses a little bit of the evolution of the Top 10 list and how one major vulnerability, logic flaws, tends to get hidden behind the noise of SQL injection and XSS. You can find out more […]
In a world where time must be killed and only one man sits in row L… A few days ago I went to see a movie at the Castro Theatre. I arrived early for the show and sat in an empty theater. The mighty Wurlitzer was off for the night so I turned to my […]
Over the next month I will be moving posts from [the old site] to this site, which is why you might notice “new” posts appearing with dates from the past.