Archive for the 'security' Category
Once more – Article on the OWASP Top 10 (in German)
Published August 29th, 2007 in OWASP, security
In my posting “Article on the OWASP Top 10 (in German)” I wrote that there is an article/translation of mine on the OWASP Top 10 in German in the newsletter of the Security-Zone, which is the most important IT security event we’ve got here in Switzerland. Now I get a request from the well known [...]
Below you’ll find some of the current projects I’m working on: Developing Firefox Extensions (70%) – Paper. Because even most of the developers I know have no clue how to build extensions for the Firefox web browser, and because I don’t know of any easy, basic-level tutorial, I started to write a [...]
Today I came across the user profile of Foz at the wiki of the Chaos Communication Camp 2007. He’s found a really nice way of hiding his mail address from spam bots (I’ve done it now with my own address): ruby -e 'puts "h!c!.!t!n!a!h!c!n!e!s!i!d!@!h!c!s!t!e!v!.!n!e!v!s".split("!").join.reverse' Of course no normal or, better said, “non-geek” person will be able to contact [...]
Attention: If Acunetix is an OWASP member but for any reason is not listed on the OWASP website, everything’s OK from my point of view and this posting is entirely irrelevant. But I found no information about an OWASP membership by Acunetix on the Net. Also, I’m not a lawyer, so the following posting [...]
As I already wrote in my last post “OWASP Switzerland goes Public“, there will be an article of mine about the OWASP Top 10 in the next newsletter of the Security-Zone. It’s more or less a translation of the summary of each point out of the original (English) OWASP Top 10. Today, this newsletter went [...]
As you might know, the OWASP Switzerland Local Chapter (re-)started on 11 November 2006 and up to then from my point of view it’s a success story. For example, we had two slots at the Tweakfest 2007 where we talked about OWASP in general and also presented the OWASP Top 10. Unfortunately there [...]
Today I was surfing the Net and found something really interesting which I never had the time to take a deeper look at, but where I think there are many ways of exploiting such stuff: I’m talking about registered URIs in web browsers. For example, we all know about http://, ftp://, file:// and some more [...]
Rosario Valotta wrote the first “Cross Webmail Worm” (XWW), as he calls it. This worm made me think back to the Yamanner worm in 2006, which spread over the Yahoo! Mail service through an XSS vulnerability in the service. Now, Rosario Valotta did something very similar, but he wrote a POC worm called “Nduja” [...]
Last week I was thinking about some new research ideas and I have some stuff which is (at least from my point of view) really interesting. Something I’d like to present now is Ranum. Today many things are based on random numbers, but the problem we have there is that normal computers can just generate so [...]
About two weeks ago I wrote the following proposal to the OWASP Leaders mailing list: Hi everyone, a working colleague of mine just pointed me to a project called “Planet”. With something like this it would be possible to catch all the news by OWASP related people, written in their own blogs, even if they don’t [...]
About: You are currently browsing the Disenchant's Blog weblog archives for the 'security' category. Longer entries are truncated. Click the headline of an entry to read it in its entirety.