Why Would Someone Hack Your Website

by Andrew Barber 17. June 2011 11:01
There are many reasons why someone would hack your website. I list some of the most common ones here. No matter how small your website is, it has value to hackers, and its security is important! [More]

Notes on an XSRF Vulnerable Site

by Andrew Barber 13. September 2010 15:30
A discussion of an XSRF vulnerability I recently discovered which seemed, at first blush, not to exist at all. [More]

Random Stuff Learned/Remembered Lately

by Andrew Barber 4. April 2010 20:47
A few small items: Grub menu.lst AUTOMAGIC entries, Global.asax in ASP.NET, and Paranoid hosts.deny doing bad things! [More]

HTTPS Web Sites: Just One Per IP?

by Andrew Barber 14. December 2009 07:06
It is commonly understood that you can only have a single HTTPS (SSL/TLS) web site per IP address. This article describes why and how you can have many SSL/TLS web sites on a single IP address, and why you might not want to do it anyway. [More]

Sometimes Standards Matter; GET and POST, and WebApp Security

by Andrew Barber 29. June 2009 12:04
A review of the security implications of using GET/Query String or POST/Forms values in a web application. [More]

Targeted SQL Injection Attacks Observed

by Andrew Barber 30. April 2009 11:42
Notes and observations about some recently observed attempts at SQL Injection attacks. [More]

Implementing Encryption in Applications

by Andrew Barber 28. March 2009 02:57
Describing some of the basics for developers who want to use encryption in their programs. [More]

Macs and Malware; Pirates and Trojans!

by Andrew Barber 27. January 2009 10:08
A reminder about personal computer security, using a Mac OS X Trojan horse as an example. [More]

When is Secure Code Not Secure Code?

by Andrew Barber 24. January 2009 15:20
Avoiding some common security software coding mistakes which arise from a misguided or ill-informed attempt to improve security. [More]

The Client is in the Hands of the Enemy

by Andrew Barber 17. January 2009 13:51
A couple of days ago, I put up a post about the SANS/CWE list of 2009's Top 25 Most Dangerous Programming Errors, and noted I would cover some of the items individually. Today, I will briefly cover a couple that are somewhat related, with regard to the title of this entry. What I hope to get across... [More]
Disclaimer
The opinions expressed herein are my own personal opinions and do not represent those of my partners, clients or contractors in any way.

© Copyright 2013 AndrewBarber.com