During a recent mobile security engagement, I discovered an Insecure Redirect vulnerability in the LinkedIn OAuth 1.0 implementation that could allow an attacker to conduct phishing attacks against LinkedIn members. This vulnerability could be used to compromise LinkedIn user accounts, and gather sensitive information from those accounts (e.g. personal information and credit card numbers). The … Continue reading LinkedIn OAuth Open Redirect Disclosure
For the second year in a row Jim Bird and I have helped SANS put together a "Survey on Application Security Programs and Practices". We asked some of the same questions as the previous year, just in a different way. Some interesting trends this year, as taken from the executive summary of the soon to … Continue reading Survey on Application Security Programs - Webcast and Paper
I was lucky to be allowed to present about how to use HTML5 to improve security at the recent OWASP APPSEC USA Conference in New York City. OWASP now made a video of the talk available on YouTube for anybody interested. http://www.youtube.com/watch?v=fzjpUqMwnoI Continue reading HTML5: Risky Business or Hidden Security Tool Chest?
[This is a cross post from https://isc.sans.edu ] Earlier this week, an update for Media-Wiki fixed a bug in how it used caching headers . The headers allowed authenticated content to be cached, which may lead to sessions being shared between users using the same proxy server. I think this is a good reason to … Continue reading The Security Impact of HTTP Caching Headers
Eric Johnson is an instructor with the SANS Institute for DEV544: Secure Coding in .NET: Developing Defensible Applications, and an information security engineer at a financial institution, where he is responsible for secure code review assessments of Internet facing web applications. Eric has spent nine years working in software development with over five years focusing … Continue reading WhatWorks in AppSec: ASP.NET - Defend Against Cross-Site Scripting Using The HTML Encode Shortcuts