I have been looking at CodeIgniter lately mainly because a lot of my colleagues are using it already. As with most frameworks, I usually start using the framework in a project and then as I am developing the application, I notice some issues with the framework. One such case is with CodeIgniter’s built-in XSS protection. This functionality is quite nice (at least they included it in the framework) but there are some issues with using it that developers should be aware of.
Fruit harvesting using graudit
graudit is a great tool for finding low-hanging security issues in your Perl, PHP, Python, JSP, and even .NET scripts. But it should not be relied on as the sole source of findings, since it lacks the capability to find most real security issues.
Newest Twitter w0rm details and how to protect yourself
The details on the newest Twitter w0rm to surface this week and how to protect yourself from such attacks.
Adobe hits us again.
Adobe added the Launch command to the PDF spec in 2008. Since then, attacks using this command have surfaced and we explain a sample attack along with how to disable the Launch feature to protect your environment from this type of attack.
Dropbox and KeePass: the password mashup
Let’s face it, working with clients with complex networking infrastructures is a pain. As a contractor, you are offsite, outside of the normal water-cooler knowledge system. You don’t hear that XYZ website forced John to change the password to the company’s Twitter feed. In a perfect world, every auxiliary system your clients would use would allow access to the same data…