AppSec Blog: Daily Archives: May 21, 2009

A Proposal for a PHP "UserData" Class

The title of this blog is "Application Security Street Fighting". It is based on an idea I am pursuing for a while now. The goal is to come up with a set of simple and reproducible techniques to secure applications. Personally, I favor coding in unstructured languages like Perl and PHP for all the wrong … Continue reading A Proposal for a PHP "UserData" Class

Examine HTTP compressed gzip content

For incident handling, forensics or troubleshooting purposes, packet sniffing is often used to understand the information exchange between two hosts. HTTP traffic packets are often sniffed so that the full header and body can be revealed easily, especially on the server side. On the client side, most commonly used technique is to use a proxy … Continue reading Examine HTTP compressed gzip content

Welcome to the new blog!

Welcome to the SANS Application Security Blog. This is a collective effort by SANS web app sec instructors and volunteers to bring you the latest techniques in defending and testing web applications and well as interesting secure development related information. Continue reading Welcome to the new blog!