Archive for April, 2007

Last week was the third OWASP Switzerland Local Chapter meeting, which was a great success, and so I’ll also post the summary I already sent out to our mailing list here in my blog, because this way perhaps some other interested people will join us at the next meeting.
Hi everyone,
for those of you [...]

Risk metrics research

People may ask me what’s up with my risk metrics research, because I wrote several times that I’m working on such stuff. It’s true that I’m still working on it because I really love that topic, but it has a very low priority in my current research time. I’ve some ideas which I think that [...]

IT Security Training Course

Perhaps a few people out there who read my blog periodically noticed that this week there wasn’t any activity from my side. This was because I was teaching an IT security training course with web application security as the principal topic. For me it was very special because the students were at the age of [...]

The next OWASP Europe Application Security Conference will be held in Milan, Italy on May 15th-17th 2007, and it will be the first OWASP conference where I’ll be present. Unfortunately I missed the CfP and so I can’t give a talk there, but I think even hearing other presentations and meeting cool people is [...]

On Tuesday this week, the Web Application Security Consortium (WASC) released a new project, which they call the “Web Application Security Statistics Project”. The goal of this project is to better understand the web application vulnerability landscape, which I think is a very good goal because even after years most “normal” people and even [...]

Travelling with Google

Today a colleague of mine pointed me to a nice behaviour in Google Maps. When we search for the best way from Berne to New York, we get very interesting advice about what we should do.

Try it yourself here, and who knows, perhaps one day I’ll come to New York.

Bug in Firebug

Yesterday pdp from gnucitizen.org once again wrote a very interesting blog posting. He found out that the widely used Firefox extension called Firebug has a vulnerability which allows an attacker to execute his own JavaScript code. Yes I know, we’ve talked about XSS and all that stuff many times, but this vulnerability is much more [...]

As I already wrote in my last blog posting, named “Secure Data Transfer over HTTP without SSL”, I’d like to show you how we can protect our web applications a little bit more than we already do, but this time it’s not about filtering, it’s about cryptography, and I think this is only the beginning [...]

First I’d like to start with a part of the story, which shows you where I got my idea from:
Romain Gaucher posted an interesting idea about Obfuscation and Spam Bots in his blog and said that his basic idea of reversing the form field names in combination with a Vigenère cipher algorithm implementation in JavaScript [...]