  • Is your .svn showing (like 3300 other sites)?

    TechCrunch has an article (pointing back to a Russian security company blog post (translated link)), detailing a scan of 2,253,388 web sites which yielded an amazing 3,320 Subversion .svn directories. In case you're not familiar with Subversion, it is a version control system similar to CVS. Its .svn directory is likely to
  • HTML 5 Form Tags a Risk?

    I've tried to keep up with new HTML 5 features, but Billy recently pointed out that INPUT tags have the ability to set regular expression patterns for validation directly in the markup. I think this is nifty and, at least in the demo I tried, a very user-friendly and pretty way to inform the user they've put in a bad value. There are also special
  • stop the alert();

    For nearly a decade, those of us in web security have been doing a disservice to ourselves and, more importantly, our customers. Like Pavlov, we've trained people to respond to certain stimuli. Rather than a bell, we've relied heavily on the alert() dialog box to prove our point--that cross-site scripting is possible. And why shouldn't we
  • Firefox port "number" bugs... phishing potential?

    We generally assume proper TCP port validation restricts them from 1 to 65535 (except in some offbeat cases). With some applications and operating systems, a name can be used to represent a port. For example, on a *nix system, telnet can connect to port 21 with the command "telnet localhost ftp" by looking up "ftp" in /etc/services
  • Embiggen those short urls!

    Over the weekend, someone asked me to help reverse some obfuscated JavaScript. He'd gotten it through a link on Twitter, from a corporate blog. It was, of course, using a URL shortening service, making it more difficult to easily see where the destination was (a bunch of ad spam). In this case, it seems likely the poster didn't bother to vet
  • News of Michael Jackson's death blazes across the web--what if it were a hoax?

    Over at the SEOmozBlog, Danny Dover has a really interesting post about how, and how fast, the news of Michael Jackson's death travelled across the web. I won't go through it here, but it's a fascinating read. Less than an hour after the 911 call the news was appearing on the web. Less than three hours after the call and Twitter was a little
  • Re: Microsoft ASP.NET Request Filtering Bypass Cross-Site Scripting Vulnerability

    Manjunath-- If I understand your question completely, you have a few options with what you could do here. Use HttpUtility.HtmlEncode() which will encode the potentially dangerous characters with HTML-encoding. See the Microsoft documentation on it for more information. This will preserve whatever the user entered, but make it "safe" for HTML
    Posted to WebInspect (Forum) by Chris Sullo on 06-25-2009
  • Uncharted Territories: the personal-corporate-social-web-mashup

    Corporate web communications have grown from simple web pages to massive and complex applications. The security department has mostly kept up and maintained a secure perimeter—even when that perimeter included outsourced and vendor systems. Contracts were in place, systems were secured, and life was good—even when the executives had their
  • Talking Headers: Part 3: The Fun

    In Part 1 of the series on interesting headers, I talked about leaking hostnames. In Part 2, it was PHP errors. In Part 3 I bring you... the funny stuff. Not funny, like how Mark McGwire's rookie card is now $5 on eBay compared to the hundreds it once was (and that I have 5 of them for some reason), but funny like watching a 1984 episode of Miami
  • Talking Headers: Part 2

    While my rookie Mark McGwire cards aren't appreciating at all, my header collection is. Check these actual headers out: php warning: Unknown(): Unable to load dynamic library '/usr/local/lib/php/extensions/no-debug-non-zts-20020429/mysql.so' - Cannot open "/usr/local/lib/php/extensions/no-debug-non-zts-20020429/mysql.so" in Unknown