Simon Willison’s Weblog

Thursday, 3rd July 2008

ratproxy. “A semi-automated, largely passive web application security audit tool”—watches you browse and highlights potential XSS, CSRF and other vulnerabilities in your application. Created by Michal Zalewski at Google. # 2:35 pm

IE8 Security Part IV: The XSS Filter (via) IE8 will include an XSS filter to identify and neutralise “reflected” XSS attacks (where malicious code in a query string is rendered to the page), turned on by default. Sounds like a good idea to me, and site authors can disable it using Yet Another Custom HTTP header (X-XSS-Protection: 0). # 9:37 am

Portable Social Networks, The Building Blocks Of A Social Web. Ben Ward’s tour de force of practical tools and techniques for building out the distributed social web, using XFN and hCard to represent the data. If you only read one article on portable social networks, make it this one. # 9:08 am
