Archive for June, 2007



Planet-Websecurity.org

About two weeks ago I wrote to the OWASP Leaders mailing list the following proposal:

Hi everyone,
a colleague of mine just pointed me to a project called “Planet”. With something like this it would be possible to catch all the news by OWASP-related people, written in their own blogs, even if they don’t use an [...]

Buffer Overflows vs. XSS

Many people have tried to compare buffer overflows (BOF) with XSS, and even the new XSS book has the subtitle “XSS Is the New Buffer Overflow, JavaScript Malware Is the New Shell Code”. The conclusion is, most of the time, that there are many similarities, but the most important difference is that XSS vulnerabilities are much [...]

PHPIDS Released

Christian Matthies, aka christ1an, has announced the first public release of the so-called PHPIDS, which was written by him, Mario Heiderich and Lars Strojny.
PHPIDS (PHP Intrusion Detection System) is a simple-to-use, well-structured, fast and state-of-the-art security layer for your PHP-based web application. The IDS neither strips, sanitizes nor filters any malicious [...]
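To make the "neither strips, sanitizes nor filters" design concrete, here is an added illustration of a detection-only request layer in PHP. It is not PHPIDS code and does not use the PHPIDS API; the rule set, the impact scores and the sample request are hypothetical simplifications I constructed for this example. The point it shows is that such a layer scores and reports what it sees and leaves the input untouched, so the application (not the IDS) decides how to react.

```php
<?php
// Added illustration of a detection-only layer: inspects request parameters,
// scores suspicious patterns and reports them, but never modifies the input.
// Rules, scores and sample data are hypothetical; this is not PHPIDS code.

declare(strict_types=1);

final class DetectionOnlyLayer
{
    /** @var array<string, array{pattern: string, impact: int}> hypothetical rules */
    private array $rules = [
        // \x27 and \x22 are PCRE hex escapes for ' and " (avoids PHP quoting issues).
        'xss_tag'        => ['pattern' => '/<\s*\/?\s*(script|iframe|img|svg)\b/i',                 'impact' => 4],
        'xss_handler'    => ['pattern' => '/\bon[a-z]+\s*=/i',                                       'impact' => 3],
        'js_uri'         => ['pattern' => '/javascript\s*:/i',                                       'impact' => 3],
        'sqli_tautology' => ['pattern' => '/\b(or|and)\b\s+[\x27\x22]?\w+[\x27\x22]?\s*=\s*[\x27\x22]?\w+/i', 'impact' => 3],
        'sqli_comment'   => ['pattern' => '/(--|#|\/\*)/',                                           'impact' => 1],
        'path_traversal' => ['pattern' => '/(\.\.\/|\.\.\\\\)/',                                     'impact' => 2],
    ];

    /**
     * Inspect every parameter and return a report. $request is passed by value
     * and is not altered: nothing is stripped, sanitized or filtered.
     *
     * @param array<string, string> $request
     * @return array{impact: int, hits: list<array{param: string, rule: string, impact: int}>}
     */
    public function inspect(array $request): array
    {
        $hits  = [];
        $total = 0;
        foreach ($request as $name => $value) {
            // Decode once so %3Cscript%3E is inspected as <script>; the caller's value stays as sent.
            $decoded = rawurldecode((string) $value);
            foreach ($this->rules as $ruleName => $rule) {
                if (preg_match($rule['pattern'], $decoded) === 1) {
                    $hits[] = ['param' => $name, 'rule' => $ruleName, 'impact' => $rule['impact']];
                    $total += $rule['impact'];
                }
            }
        }
        return ['impact' => $total, 'hits' => $hits];
    }
}

// Constructed sample request (not captured traffic): one benign value, one XSS
// attempt, one SQL injection attempt.
$request = [
    'q'    => 'web security',
    'name' => '<script>alert(1)</script>',
    'id'   => "1' OR '1'='1",
];

$layer  = new DetectionOnlyLayer();
$report = $layer->inspect($request);   // impact 7: xss_tag (4) on 'name', sqli_tautology (3) on 'id'

// The application chooses the reaction (log, block, step-up auth, ...). The IDS
// itself has changed nothing: $request['name'] is still '<script>alert(1)</script>'.
if ($report['impact'] >= 5) {
    error_log(sprintf('IDS impact %d: %s', $report['impact'], json_encode($report['hits'])));
}
```

Two practical caveats a real deployment has to handle and this sketch deliberately does not: a broad rule such as `xss_handler` will also fire on harmless values like `one=1`, so scores should be tuned against real traffic before any automatic blocking, and a single `rawurldecode()` pass misses double-encoded or differently-encoded payloads, which is exactly the kind of normalization a production IDS spends most of its code on.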

Month of Random Hashes (MoRH)

Today I received the following mail via the Full Disclosure mailing list. It is of course just for fun, but precisely because of that I’d like to share it with the readers of my blog:
Dear list,
You asked for it, and we delivered! Due to the increased demand
for more “Month of” projects, and the growing [...]

Over a month ago I wrote a blog posting called “Protect your Web Applications through Encryption”, in which I started to talk about “crypto-defense” for web applications, or rather, I had already started with it one posting earlier, where I wrote about “Secure Data Transfer over HTTP without SSL”. The basic idea was very simple: I [...]