Book recommendation: Ajax Security by Hoffman and Sullivan
Reviewers overuse the phrase "required reading," but no other description fits the new book "Ajax Security" (2007, Addison Wesley, 470p). This exhaustive tome from Billy Hoffman and Bryan Sullivan...
Ajax security surprises: web-aggregators, offline applications and frameworks
I’m still absorbing the densely packed information from "Ajax Security," the first-rate book by Billy Hoffman and Bryan Sullivan that I recently recommended in these pages. Here, in no particular...
SMash – Something Useful from the OpenAjax Alliance?
In the announcement that the OpenAjax Alliance had released OpenAjax Hub 1.0, and would start to work toward 1.1, there was one thing that caught my interest: the news that 1.1 would support secure...
The Truth About Designing For Security
Security is an area of concern where value and cost are often difficult to estimate. While big mistakes made early on in many areas of an application may prove difficult to correct, this is...
App Security: Throw Out the Org Chart!
“Only administrators can add users– no exceptions! …except Bob in accounting, but that’s because he’s covering for Sally. But only until February. And this sort of arrangement might happen again. But...
Firefox Plugin Malware 'Trojan.PWS.ChromeInject.A'
You knew it had to happen. Malware for Firefox. It happens all the time with IE (so much so that my 17-year-old niece needs a fresh install of Windows every 3 months), but Firefox has been a little...
The Costs of Building Secure Applications
‘Achieving Balance’ by James Jordan. Security is unlike other aspects of software in that it follows a steep value curve: either your system is secure, or it is not. Either it provides its full level...
Avoid the last minute security review
Photo Credit: Amagill under Creative Commons Attribution. Security is hard. Security is often an afterthought, slated towards the end of a project, or after some big issue has been discovered, but the...
Web app security checklist (Braindump)
In yesterday’s post I said I’d put together a quick list of things to think about around web application security. This is by no means an exhaustive list, but it's a set of categories and things I start...
What's the best way to programmatically edit a pdf in ruby?
I’ve been doing a good deal of PDF generation in Rails, and had to go through the process of comparing all the available techniques and frameworks in order to find the right solution for my needs. Its...