When you are using csrfGenerateToken and csrfVerifyToken with unique categories, the token that is generated remains valid until another token is generated with the forceNew argument set to true.

FireFox 3.5 was just released about a half hour ago. You can checkout all the new features for web developers here.

For me, as someone that does a lot of security research one of the most interesting new features is the Origin http header that FireFox 3.5 now sends.

I'm proud to announce a Web Application Firewall for ColdFusion, a new product that I have been working on. This product detects malicious requests (such as SQL Injection, Cross Site Scripting, etc) and then logs, filters, or blocks the request.

PHP security guru Chris Shiflett has a great post about the dangers of Cross Domain Flash. If you have implemented a crossdomain.xml file you will want to read his post.

If you have a crossdomain.

It seams that someone recently hacked myspace.com, the ColdFusion powered community site with millions of users.

I found a site that has some good security tips for web developers. It mentions one type of attack that doesn't get much attention - called Cross Site Request Forgery (CSRF).