Browse by Tags
All Tags »
Application Security (
RSS)
In my previous post on CAPTCHAs I mentioned that “…you need to make sure the end user can’t do anything to influence what code you pick.” For this example, I will pick on captchas.net, which provides a free CAPTCHA service for anyone...
Filling out a web form without also having to pass a CAPTCHA test nowadays is pretty rare. CAPTCHAs weren’t really that annoying to me when they were more of a rare occurrence but I have been finding myself more and more bothered with them lately...
A couple years ago I mentioned in a SecurityFocus column that Windows has a problem when you put a file named “program.exe” in the system root directory. The problem is basically in how it deals with spaces in paths that don’t have quotes...
One thing that bothers me about many web sites out there is how I get to (or don’t get to) choose my account name. Sure, many web sites let you have any account name you want, but some web sites just want to use your e-mail address. While this is...
If you do any kind of .NET web development, it would be well worth your time to dig through Microsoft’s Patterns & Practices Security Wiki The Wiki is a good index of old articles and a launching point for new articles on secure web development...
I got an e-mail earlier this week from a financial web site. The e-mail displayed the last 4 digits of my U.S. social security number. Presumably, they didn’t show the entire number for security reasons, but I wondered how secure that really is...
Today I ran across a Firefox add-on that automatically fills out the CAPTCHA form when you log in: https://addons.mozilla.org/firefox/4381/ Although some might think this is convenient, it obviously shows that eBay’s CAPTCHA, like so many others...
Pafwert is an unique free tool to help you to select strong passwords that are easy to remember. Read More...
I am constantly frustrated with poor security implementations I see all around the web. Often, these mistakes could be avoided by never breaking the simple security rules. One of these rules wrote about in my book Hacking the Code is that you should always...