Web Application Security Cheat Sheet

SecGuru has posted a cheat sheet for Web Application Security. An earlier version of the cheat sheet is also available.

This is a handy reference, but it is good to keep in mind that no book or article about security is ever exhaustive or conclusive.


Usability vs User Experience

Here is something I hadn't ever pondered: the tradeoff between usability and user experience:

Freeways are usable, since they take you from A to B in the most effortless way. But they are also utterly boring. A twisting mountain road, on the other hand, is exciting. But far from usable.


Secure Browsing Mode

Ivan Ristic has posted a proposal on his blog called Secure Browsing Mode [PDF].

In the document Ivan lists some of the possible effects of his proposal:

Eliminate Cross-Site Request Forgery.

Eliminate off-domain information leakage.


CFCHART Example - Pie Chart

Here's a quick example of some ColdFusion code to make a pie chart.


Amazon CTO on Security

Credit card information should be kept in a physically secure location separate from your other servers, with armed guards in front of it (I am not kidding)...


Watch out for Autocomplete

I ran into a funny problem today that had to do with the Autocomplete feature in Firefox. If I had autocomplete turned off on my computer it would have been very hard to debug this issue, but I quickly realized that autocomplete was the problem.


CSS Uppercase / All Caps

Need to know how to make text all uppercase or in all caps with CSS? Add the following to your CSS stylesheet:

div.uppercase { text-transform: uppercase; }

That will take all the letters and capitalize them.
