pf » Archives for June, 2006

SecGuru has posted a cheat sheet for Web Application Security. There is also an earlier version of the cheat sheet as well.

This is a handy reference, but it is good to keep in mind that no book, or article about security is ever exaustive or conclusive.

Here is something I hadn't ever pondered: the tradeoff between usability and user experience:

Freeways are usable, since they take you from A to B in the most effortless way. But they are also utterly boring. A twisting mountain road on the other hand is exiting. But far from usable.

Ivan Ristic has posted a proposal on his blog called: Secure Browsing Mode [PDF].

In the document Ivan lists some of the possible effects of his proposal:

Eliminate Cross-Site Request Forgery.

Eliminate off-domain information leakage.

Here's a quick example of some coldfusion code to make a pie chart.

Credit card information should be kept in a physical secure location separate from your other servers with armed guards in front of it (I am not kidding)...

I ran into a funny problem today that had to do with the Autocomplete feature in Firefox. If I had autocomplete turned off on my computer it would have been very hard to debug this issue, but I quickly realized that autocomplete was the problem.

Need to know how to make text all uppercase or in all caps with CSS? Add the following to your CSS stylesheet:

div.uppercase { text-transform: uppercase; }

That will take all the letters and capitalize them.