Archives for the Month of August, 2007

CSK demo

I’ve put together a little CSK demo, it’s still early stages yet and there’s quite a bit more I can do but I thought I’d share the code early because I’ve a lot on at the moment and it might be a while before the next update and also it’s really interesting stuff. It just […]

WordPress lockdown

I’m planning to release my WordPress security plugin called “WordPress Lockdown” soon once I’ve done a full audit of WordPress code and I’ve completed other stuff. I have a few test users which are providing useful feedback all the time but unfortunately the code isn’t ready to be used by the masses because of certain […]

CSK update

I’ve been doing some more experimenting with CSS (god help us) and I’ve found a way to successfully store and retrieve data via CSS without page refreshes. In case you don’t know, CSK is my CSS Scripting Kit I’m developing. I plan to release the kit soon once I’ve polished some features. This is really […]

The blogs you should read

I’ve created this list to show my respect for some of web security’s greatest minds. I don’t usually link to blogs or posts when I write but I have decided to do it more often in order to spread the word and provide a good resource for people to learn. There may be other people […]

Secure programming flowchart

Ronald has an excellent article on secure programming:- Secure programming flowchart The reason I like this article so much is because it introduces a way of thinking. I generally think like that, I have a list of steps in my head and I try to code my scripts with various steps of security. The further […]

More browser bugs equals greater risk

I found this on Security focus:- http://www.securityfocus.com/brief/578 Really I’ve not read so much rubbish in my life, are they having a laugh or what? The article headlines with “More browser bugs, but less risk?”, all I want to know is what sites have they been looking at. If they have only been tracking malicious web […]

CSK CSS Scripting Kit

I’m currently in the process of developing a CSS Scripting Kit called “CSK”, this kit will allow you to perform scripting actions that normally would be reserved for Javascript. I believe the standards that browser manufacturers are adopting create major security holes and if they don’t either create new security policies to adapt to this […]

CSS LAN scanner

I think the single most insecure feature of internet browsers today is iframes, you can do too much with them and I feel I’ve only touched the surface with the examples I’ve shown. My next tool shows how simple it is to scan your entire local network from the internet using iframes, CSS and absolutely […]

CSS attacks!

As the browser manufacturers add new features they can sometimes overlook the security implications which can often seem minor. I’ve found two such features which I think could cause problems. CSS overlays Iframes can be manipulated to show only a small area of the screen, even worse you can actually overlay any other item over […]

Protection against CSRF part 2

Continuing from my previous post I have decided to provide demos of a lot of the techniques discussed. These techniques won’t make your site 100% secure but they will help reduce the risk of attack. Remember you need to protect against XSS and these techniques will not stop your site from being attacked with XSS. […]