Firefox 3.5 Introduces Origin Header, Security Features

Firefox 3.5 was just released about a half hour ago. You can check out all the new features for web developers here.

For me, as someone who does a lot of security research, one of the most interesting new features is the Origin HTTP header that Firefox 3.5 now sends.

Announcing Web Application Firewall for ColdFusion

I'm proud to announce a Web Application Firewall for ColdFusion, a new product that I have been working on. This product detects malicious requests (such as SQL Injection, Cross Site Scripting, etc.) and then logs, filters, or blocks the request.

The Dangers of Flash's crossdomain.xml

PHP security guru Chris Shiflett has a great post about the dangers of Cross Domain Flash. If you have implemented a crossdomain.xml file you will want to read his post.

If you have a crossdomain.

MySpace Hacked with CSRF and XSS

It seems that someone recently hacked, the ColdFusion powered community site with millions of users.

Cross Site Request Forgery (CSRF) Attacks

I found a site that has some good security tips for web developers. It mentions one type of attack that doesn't get much attention - called Cross Site Request Forgery (CSRF).
