A security-focused session at SQL Rally Amsterdam demonstrating privilege elevation and DoS attacks via SQL Injection on SQL Server.
Explains a security vulnerability in Express.js's bodyParser middleware and provides safer alternatives for handling file uploads.
Explains how to pass server-generated JSON data to the front-end when Content Security Policy (CSP) blocks inline scripts, comparing performance impacts.
Explores SQL Server privilege escalation from CONTROL SERVER to sysadmin, debunking myths and comparing to Oracle's security model.
Guide to securely connect SQL Server Management Studio to an Azure IaaS SQL Server instance by configuring endpoints and enabling encrypted connections.
A humorous proof-of-concept exploit using HTML5 localStorage to fill a user's hard disk, highlighting browser security flaws.
A user investigates why Google search results for 'stackoverflow' incorrectly linked to a US government website, revealing a web developer's redirect error.
A bug fix patch for Drupal Commons 3's Radioactivity module has been officially committed to the project.
A practical guide to configuring secure TLS ciphers for Apache, nginx, and HAProxy to achieve a top SSL Server Test score.
A tutorial on implementing two-factor authentication for SSH using Google Authenticator and PAM.
Explains how to securely upload files directly from a client to Windows Azure Blob Storage using Shared Access Signatures (SAS).
A guide to securing ASP.NET Web APIs using OAuth2 and Windows Azure Access Control Service for modern app authentication.
Upcoming improvements to Dabblet, including JavaScript support, cross-browser compatibility, security enhancements, and Prism integration.
The author updates the Apache module mod_defensible to be compatible with Apache 2.4, discussing the process and its utility as a prototype.
Debunks the myth that PHP is inherently insecure, attributing its reputation to FUD, its ubiquity, and its forgiving nature for beginners.
Explains how to use OpenID with Google Apps to secure internal company applications, replacing VPNs for a cleaner authentication workflow.
A security researcher details a clickjacking vulnerability in Adobe Flash that allowed websites to secretly activate users' webcams and microphones.
Analysis of the AVG Mobilation antivirus app for Windows Phone, revealing it as a non-functional port with humorous, ineffective scanning code.
Oracle's July Critical Patch Update addresses a security vulnerability (CVE-2011-2241) in OBIEE versions 10.1.3.4.1 and 11.1.1.3.
Discusses the prevalence of Game Center score hacking via jailbreak apps and criticizes Apple's lack of enforcement.
