Archive for May, 2007



CSRF Explained

Once more, this is just information for the readers of my blog. Yesterday Ronald van den Heetkamp published a blog posting about what Cross Site Request Forgeries, aka CSRFs, are. From my point of view it’s the best explanation of this attack class on the Internet. Great job, Ronald! You can find the [...]

owasp.org “hacked”

From time to time, I’m reading the latest changes on the wiki at owasp.org so that I don’t miss any news. Today there was something really strange in the change history. At the OWASP Papers Section a guy named UzMan (Wiki username was “Ukehmf231”) has “hacked” this page: See the “hacked” page here. OK, what [...]

FYI: Long Upgrade

Just as information: The last days disenchant.ch forwarded to an upgrade message because I change that every time I upgrade my WordPress, but this time I forgot to change it back to forwarding to the normal site. Sorry to all of you out there who liked to go to my blog during this [...]

AppSec Conference in Milan

From the 15th to the 17th of May 2007 the 6th OWASP AppSec Conference was held in Milan. For me, it was the first OWASP conference, so I was really looking forward to it and was curious about it. Now the conference is finished and I really have to say that it was the best conference I’ve ever [...]

Welcome to the .bank

Today I got a mail through one of the thousands of mailing lists I’m subscribed to and hey, the linked article in this mail is, from my point of view, about one of the most stupid ideas ever. The link pointed to http://www.foreignpolicy.com/story/cms.php?story_id=3798 where Mikko Hypponen, chief research officer at F-Secure, wrote an article about a [...]

A few days ago, RSnake wrote a blog posting about a Firefox extension called “XSS Warning” which was written by Gianni Amato. The idea of the extension is quite simple because all it does is analyze the URL in the URL bar when you start the request. Gianni did all of this with just [...]