Web Security

Tag ∙ 6 posts


Soon, I will be moving the securitymetrics.org website to a simpler, secure and more usable system—the same platform that powers Markerbench. It should be done in time for Mini-Metricon (March 1st, 2013).
A few weeks ago I put together my annual Predictions blog post for the coming year. In that post and accompanying webinar, I suggested five emerging risk areas that CISOs need to pay attention to in the coming year.
I hate to be a curmudgeon about this, but this fellow needs a beat-down: Fixing AJAX: XmlHttpRequest Considered Harmful I offer this as exhibit A (as in AJAX) about why application security may well be intractable, in part because we’ve got mainstream technical outlets teaching techniques to evade well-founded security principles.
Scobleizer points out that the WS ReliableMessaging specification has been submitted to OASIS. With all due respect to the incredibly bright folks at the WS-I, I find the world of web services standards to be rather confusing.