How to Break Web Software
There is a good presentation on Google Video called How To Break Web Software - A look at security vulnerabilities in web software given by Mike Andrews to Google staff. Mike's book also happens to be called How to break web software.
I really liked the session hi-jacking part of the talk, he showed a tool that visualizes the entropy (or randomness) of your session id's. An attacker can then look for weaknesses in the algorithm to guess session id's.
He also does a good job explaining why you should be concerned about XSS.
- Announcing Web Application Firewall for ColdFusion - July 9, 2007
- Web Application Vulnerabilities trump Buffer Overflows - November 2, 2006
- Firefox Aurora now Supports Content Security Policy 1.0 - May 31, 2013
- HackMyCF Scanner Updated - February 1, 2011
- Path Traversal Vulnerability Security Hotfix for ColdFusion Released - August 12, 2010
- Redirect www and non https in IIS using web.config
- Not authorized to perform: ssm:GetParameters
- What is the difference between ASCII Chr(10) and Chr(13)
- Fixinator and Foundeo Security Bundle
- Running CFML on AWS Lambda with FuseLess Slides
- Updating Java on ColdFusion or Lucee
- ColdFusion returning empty response with server-error: true
- Careful applying CF11u16, CF2016u8, CF2018u2