Security usability and accessibility

Recently, security and accessibility issues have become an important topic to me. Although I had always considered accessibility and, more specifically, usability important in my designs, since I’m now down to one active hand due to a surgery on the other hand, I am now…

Creating a Web security testing policy

If you’re reading this blog, Web security testing is undoubtedly on your radar. You may have an ongoing process for testing Web vulnerabilities, but do you actually have a policy for it? I’m all about keeping things simple with security and, when you think about…

The road to glory, from XSS to Root on apache.org

On the 9th of April 2010, Apache.org infrastructure suffered a direct and targeted attack on the server hosting the Apache issue-tracking software, Atlassian JIRA. This is the second major compromise the Apache Software Foundation suffered in less than a year, when last August, the main…

Fighting Web flaws is futile

Do you ever find yourself driving down the road in an unfamiliar place and you get that gut feeling that you’re headed in the wrong direction? Well, I feel that’s exactly where we are with application security – heading in the wrong direction. First off,…

The top Web vulnerability we face

I recently took some time off which gave me the opportunity to clear my head and think about some of the big issues we’re facing with Internet security. I thought if I had to pick one thing, what would be the greatest Web vulnerability out…
