CGISecurity.com: Your Web Site and Application Security Resource

CGISecurity.com: Your Web Site and Application Security Resource http://www.cgisecurity.com/ CGISecurity has been providing news on Application Security, Database Security, Website Security, Vulnerability Assessment, and more since 2000. en-us Copyright 2000-2007, CGISecurity.com admin@cgisecurity.com Attacking PHP weak PRNGs: mt_srand and not so random numbers http://www.cgisecurity.com/cgi-bin/redir.cgi?story=080803&ref=rss Tools: Grendel Scanner a new Web Application Security Scanner http://www.cgisecurity.com/cgi-bin/redir.cgi?story=080802&ref=rss Affiliate Programs Vulnerable to Cross-site Request Forgery Fraud http://www.cgisecurity.com/cgi-bin/redir.cgi?story=080801&ref=rss Site News: New Design and beta site! http://www.cgisecurity.com/cgi-bin/redir.cgi?story=080714&ref=rss DNS Vulnerability Leaked By Matasano Security After Being Asked Not To By Vulnerability Discoverer http://www.cgisecurity.com/cgi-bin/redir.cgi?story=080713&ref=rss Spring Framework vulnerabilities http://www.cgisecurity.com/cgi-bin/redir.cgi?story=080712&ref=rss GRSecurity Author Outlines Lack of Full Vulnerability Disclosure by Linux Kernel Developers http://www.cgisecurity.com/cgi-bin/redir.cgi?story=080711&ref=rss Breaking the Bank (Vulnerabilities in Numeric Processing within Financial Applications) http://www.cgisecurity.com/cgi-bin/redir.cgi?story=080710&ref=rss Fallout From the Fall of CAPTCHAs http://www.cgisecurity.com/cgi-bin/redir.cgi?story=080709&ref=rss OWASP/WASC Party at Blackhat in Las Vegas http://www.cgisecurity.com/cgi-bin/redir.cgi?story=080708&ref=rss Widescale DNS flaw discovered http://www.cgisecurity.com/cgi-bin/redir.cgi?story=080707&ref=rss Most Corporations Lack Proper SDLC http://www.cgisecurity.com/cgi-bin/redir.cgi?story=080706&ref=rss Jason Taylor on Security Testing http://www.cgisecurity.com/cgi-bin/redir.cgi?story=080705&ref=rss Sony PlayStation's site SQL injected, redirecting to rogue security software http://www.cgisecurity.com/cgi-bin/redir.cgi?story=080704&ref=rss Firefox 2.0.0.15 Addresses Multiple Security Issues http://www.cgisecurity.com/cgi-bin/redir.cgi?story=080703&ref=rss Cloudsecurity.org Interviews Guido van Rossum: Google App Engine, Python and Security http://www.cgisecurity.com/cgi-bin/redir.cgi?story=080702&ref=rss Microsoft outlines extensive IE8 security improvements http://www.cgisecurity.com/cgi-bin/redir.cgi?story=080701&ref=rss Today's the day! PCI DSS section 6.6 is required http://www.cgisecurity.com/cgi-bin/redir.cgi?story=080615&ref=rss OFF Topic: A farewell to Bill gates http://www.cgisecurity.com/cgi-bin/redir.cgi?story=080614&ref=rss Tools: Microsoft Announces Three Tools to help prevent SQL Injection http://www.cgisecurity.com/cgi-bin/redir.cgi?story=080613&ref=rss Ruby creators warn of serious flaws http://www.cgisecurity.com/cgi-bin/redir.cgi?story=080612&ref=rss Securityfocus interview with Mozilla security team http://www.cgisecurity.com/cgi-bin/redir.cgi?story=080611&ref=rss My current stance on Web Application Firewalls http://www.cgisecurity.com/cgi-bin/redir.cgi?story=080610&ref=rss JavaScript Code Flow Manipulation, and a real world example advisory - Adobe Flex 3 Dom-Based XSS http://www.cgisecurity.com/cgi-bin/redir.cgi?story=080609&ref=rss Paper: The Extended HTML Form attack revisited http://www.cgisecurity.com/cgi-bin/redir.cgi?story=080608&ref=rss