How to Break Web Software
By Pete Freitag
There is a good presentation on
Google Video YouTube called How To Break Web Software - A look at security vulnerabilities in web software given by Mike Andrews to Google staff. Mike's book also happens to be called How to break web software (ISBN 0321369440).
I really liked the session hi-jacking part of the talk, he showed a tool that visualizes the entropy (or randomness) of your session id's. An attacker can then look for weaknesses in the algorithm to guess session id's.
He also does a good job explaining why you should be concerned about XSS.
How to Break Web Software was first published on April 21, 2006.
If you like reading about security, xss, vulnerabilities, video, or google then you might also like:
- Announcing Web Application Firewall for ColdFusion
- Web Application Vulnerabilities trump Buffer Overflows
- Lucee RCE Vulnerabilities February 2024
- Firefox Aurora now Supports Content Security Policy 1.0
Weekly Security Advisories Email
Advisory Week is a new weekly email containing security advisories published by major software vendors (Adobe, Apple, Microsoft, etc).