Bryan Sullivan's Web Blog
Thoughts on web application security
REST and XSRF, Part One
Hi everyone. In case you missed my talk at Black Hat, “REST for the Wicked”, I wanted to give you...
Date: 08/15/2008
Show some respect to XSS
StickyMinds.com has just posted an article of mine on the dangers of XSS. (Although they still have...
Date: 06/11/2008
SQL injection in classic ASP
In light of the recent wake of SQL injection attacks on ASP sites, I'd like to highlight some...
Date: 05/30/2008
Web Application Firewalls in Practice - or - Yes, Jeremiah, Secure Software Does Matter
There's been a lot of renewed interest in web application firewalls lately. In the past, I haven't...
Date: 05/19/2008
Cross-domain XHR will destroy the internet
Ok, maybe “destroy the internet” is a little harsh. But let’s take a look at the impact that...
Date: 04/04/2008
BlueHat shows some love to web app security
If you haven't heard yet, BlueHat v7 is dedicating the entire block of morning sessions to web app...
Date: 03/24/2008