csrf – extending the owasp solution and “interesting” IE javascript bugs...
While implementing CSRF for JForum, I needed to extend the OWASP solution. Let me tell you, they don’t make it easy to extend. Lots of final. Here’s what I did – linked to code on github. To read...

csrf – jforum cleanup and problems
See part 1 for how we got here and part 2 for how we changed the OWASP filter. Code cleanup and problems: There is some poorly written code in JForum that CSRF now prevents from working. In these...

fixing csrf for jforum and csrf filter analysis (part 1)
This post goes through how we fixed CSRF (cross site request forgery) in JForum, issues encountered and approach. It is useful reading for anyone who needs to protect against CSRF on their website....

csrf for JForum without javascript
In February, I wrote a three part series on how we fixed JForum on coderanch to protect from CSRF. It included: Analysis, Extending OWASP and Problems. Remaining problems: Unfortunately, there were three...

fixing clickjacking and brute force login for jforum
I’ve been blogging about some of the security fixes we’ve made in the CodeRanch fork of JForum such as XSS with quotes and CSRF. Today it is time to write about Clickjacking and preventing brute force...

contrast security plugin for eclipse
I recently learned that Contrast Security has a free plugin that tests your application against the OWASP Top 10. We’ve tried to fix these already. You can read about how we fixed Clickjacking, CSRF...

finding out when Oracle changes the certification objectives
As Scott and I noted in the introduction of our book, Oracle tends to fiddle with the duration, number of questions and passing score of their certification exams. They also fiddle with the exam...

how not to migrate from subversion to git
You know how you typically read blog posts of what to do that works. And not all the things people tried that didn’t work. This post is dedicated to what didn’t work. Also see: Main migration blog post...

migrating tags from a large coderanch repository from svn to git
To review, this repository has just under ten thousand commits and just under 400 tags. Migrating with “git svn clone” would have taken over 48 hours. Since the majority of the time was going to...

migrating coderanch from svn to git
CodeRanch has been using SVN for a long time for the forum software. It’s high time to switch. We have just over 20 projects in our one SVN repository. Most are small/inactive so it wouldn’t be...