Idunno - idunno.org
Latest News:
Vulnerability in AntiXSS Library Could Allow Information Disclosure 11 Jan 2012 | 08:08 am
Today sees the release of AntiXSS v4.2 in order to address MS12-007. As AntiXSS is a developer tool, developers need to download the latest version, test, then deploy the web sites using the library. n...
Review: Web Application Security–A Beginner’s Guide 3 Dec 2011 | 10:33 am
It’s rather strange for me reviewing Web Application Security - A Beginner's Guide given that I've written a book on the same topic, but as I know one of the authors, Bryan Sullivan and McGraw Hill of...
.NET 4.5 now includes the core AntiXSS functions 15 Sep 2011 | 08:26 am
Oh how I have wanted to sing about this for months, now it’s public … Due to the popularity of the Microsoft AntiXSS Library, ASP.NET 4.5 now incorporates core encoding routines from version 4.0 of t...
More podcasts–RunAs Radio and Developer Bookclub 15 Sep 2011 | 02:54 am
I was a guest on two podcasts last week, just in case you’re interested. The first was RunAs Radio, discussing the DigiNotar hack with Richard Campbell and its consequences for IT administrators. Thi...
Listen to my dulcet tones on Hanselminutes … 2 Jul 2011 | 05:16 am
Hot on the tails of Rachel Appel calling me a security expert a couple of weeks ago I persuaded Scott Hanselman to destroy his reputation and record a Hanselminutes with me. As is usual with any podca...
So what went wrong with Citibank? (And how to fix it) 19 Jun 2011 | 07:39 am
Now my DevSecNerdRage™ has calmed down I thought it might be guess at what went wrong with Citibank and how you, as a developer, can avoid making the same mistake. From reports in the New York Times i...
Has CitiBank scared you? Want to learn more about securing ASP.NET? 15 Jun 2011 | 05:41 am
Last month I was rather pleased to welcome Troy Hunt into my little band of Developer Security MVPs. He’s been doing a bunch of blog posts on the OWASP Top 10 list for ASP.NET developers. Check them o...
CitiBank hacked – dumb developers, dumber security consultants 15 Jun 2011 | 04:40 am
This makes me bang my head on the desk. In the Citi breach, the data thieves were able to penetrate the bank’s defenses by first logging on to the site reserved for its credit card customers. Once in...
AntiXSS 4.1 Beta 1 24 Apr 2011 | 07:38 am
In celebration of the bright shining thing in the Seattle sky (I haven’t seen it in a while, I’m scary) I’ve pushed new source for the AntiXSS encoding libraries to CodePlex, including specific suppor...
Code coverage on MVC projects - Could not find WebDev.WebServer40.Exe. 20 Apr 2011 | 12:49 pm
So for the past few months I’ve been working on internal projects (hence no blogging – there’s nothing to share). For one of the projects, a complete rewrite of an internal site currently in ASP (wooh...