Anthony Ferrara: Preventing CSRF Attacks
Anthony Ferrara wrote on his blog few steps to prevent CSRF attacks, also as a follow-up to a discussion previously started on this blog and on twitter also. First he defined...
Plain text considered harmful: A cross-domain exploit
Benjamin Dumke-von der Ehe posted a proof of concept for a cross domain exploit using plain text, available mainly in Firefox using Proxy objects and possibly in Chrome if you enable...