How to Break Web Software
There is a good presentation on Google Video called How To Break Web Software - A look at security vulnerabilities in web software given by Mike Andrews to Google staff. Mike's book also happens to be called How to break web software.
I really liked the session hi-jacking part of the talk, he showed a tool that visualizes the entropy (or randomness) of your session id's. An attacker can then look for weaknesses in the algorithm to guess session id's.
He also does a good job explaining why you should be concerned about XSS.
Like this? Follow me ↯Tweet Follow @pfreitag
How to Break Web Software was first published on April 21, 2006.
If you like reading about security, xss, vulnerabilities, video, or google then you might also like:
- Announcing Web Application Firewall for ColdFusion
- Web Application Vulnerabilities trump Buffer Overflows
- Firefox Aurora now Supports Content Security Policy 1.0
- HackMyCF Scanner Updated
- Path Traversal Vulnerability Security Hotfix for ColdFusion Released
- Using AntiSamy with ColdFusion
- Risks of FCKeditor Vulnerability in ColdFusion 8
- Tips for Secure File Uploads with ColdFusion
Want Security Advisories via Email?
Advisory Week is a new weekly email containing security advisories published by major software vendors (Adobe, Apple, Microsoft, etc).