Password insanity – once again
Yes, it’s a fact that people are not good at coming up with good passwords. Some administrators, security people, and such try to improve the sitatuation by providing the users “help” with coming up...
View ArticleHttpOnly broke my Selenium tests
On my current project (running .NET 2.0), I have been using Selenium to test various security related aspects of the application. (Could Selenium be used for security testing?, Selenium with support...
View ArticleHttpOnly broke my Selenium tests
On my current project (running .NET 2.0), I have been using Selenium to test various security related aspects of the application. (Could Selenium be used for security testing?, Selenium with support...
View ArticleDesign considerations for Web Services
I came across this very good article discussing web services security: Security Concepts, Challenges, and Design Considerations for Web Services Integration. It discusses concepts and design in a very...
View ArticleSecurity analogies
I just read Scott Granneman’s article on Security Analogies on SecurityFocus.com. He argues that the use of analogies is essential when explaining security to users. He makes a very good point. I think...
View ArticleNorwegian sites leaking information
Norwegian tabloid Dagbladet revealed yesterday that several commercial and non-commercial sites can be exploited to perform identity theft. In Norway, all persons get assigned a unique number...
View ArticleClik here to view.
OOPSLA’07 – Security
My second day at OOPSLA consisted of two security related workshops. The first one as entitled “Security Patterns and Secure Software Architecture” and was presented by Munawar Hafiz. Security patterns...
View ArticleOOPSLA’07: Security Testing with Selenium
I ran my demo at OOPSLA today entitled ‘Security Testing with Selenium’. You may find the presentation slides here.
View ArticleWindows CardSpace anyone?
I was at a presentation about Windows CardSpace a couple of days ago. Beautiful technology it might be, but I cannot help questioning the adoption of CardSpace in the real world. I cannot say I have...
View ArticleIs the Internet security battle lost?
According to this New York Times article, researchers at Stanford University vote in favor of starting all over, redesigning the Internet. I wonder if that is the way to go? At the same time, they...
View ArticleHTTPS is here
During the last few months, I have written several blog posts in my company’s blog about how to secure a site with HTTPS. I started off talking about how to encrypt an Azure web site with Let’s...
View Article