I was lucky to be allowed to present about how to use HTML5 to improve security at the recent OWASP APPSEC USA Conference in New York City. OWASP has now made a video of the talk available on YouTube for anybody interested. http://www.youtube.com/watch?v=fzjpUqMwnoI Continue reading HTML5: Risky Business or Hidden Security Tool Chest?
We have to make it easier for developers to build secure apps, especially Web apps. We can't keep forcing everybody who builds an application to understand and plug all of the stupid holes in how the Web works on their own - and to do this perfectly right every time. It's not just wasteful: it's … Continue reading Safer Software through Secure Frameworks
Originally posted as Taming the Beast The recent multi-language numerical parsing DOS bug has been named the "Mark of the Beast". Some claim that this bug was first reported as early as 2001. This is a significant bug in (at least) PHP and Java. Similar issues have affected Ruby in the past. This bug has left … Continue reading Taming the Beast - The Floating Point DoS Vulnerability
The author discusses integers, wraparound, and how random numbers may very much be non-random if you don't know how to read the manual. Continue reading Top 25 Series - Rank 17 - Integer Overflow Or Wraparound
Do we need a quick and dirty PHP Streetfighter API? Something to help lazy developers beat up lazy exploits? Something that can be written in 24hrs and learned in less than 1hr? If you are interested in using it, let me know. Continue reading What should be part of a PHP Streetfighter API