CodeIgniter XSS Protection is good, but not enough by itself.

I have been looking at CodeIgniter lately mainly because a lot of my colleagues are using it already. As with most frameworks, I usually start using the framework in a project and then as I am developing the application, I notice some issues with the framework. One such case is with CodeIgniter’s built-in XSS protection. This functionality is quite nice (at least they included it in the framework) but there are some issues with using it that developers should be aware of.

Fruit harvesting using graudit

graudit is a great tool for finding low-hanging security issues in your Perl, PHP, Python, JSP, and even .NET code. It should not be relied on as the sole source of findings, though, because it lacks the capability to detect most real security issues.

Adobe hits us again.

Adobe added the Launch command to the PDF spec in 2008. Since then, attacks using this command have surfaced; we walk through a sample attack and show how to disable the Launch feature to protect your environment from this type of attack.

Dropbox and KeePass: the password mashup

Let’s face it, working with clients with complex networking infrastructures is a pain. As a contractor, you are offsite, outside of the normal water-cooler knowledge system. You don’t hear that XYZ website forced John to change the password to the company’s Twitter feed. In a perfect world, every auxiliary system your clients use would allow access to the same data…