Thursday, January 22, 2009
article on XSS
I just found this article on XSS from OWASP. This should be a good one; I plan on reading it and using it with EASPI.
Tuesday, January 20, 2009
Good points of top n lists
I thought it was only fair to point out the flip side of top n lists, since in my last post I pointed out the problems with them in an article from Gary McGraw. This one is found here. Here is a good summarizing quote from the blog: "I agree, just the list would be pretty worthless. The best part of each of these lists, however, are the pains they go to providing excellent information on mitigation strategies and tactics. Use this information to whatever advantage you can. It is, after all, free."
Thursday, January 15, 2009
The good and bad of the CWE/SANS Top 25
Earlier this week SANS/CWE posted this: the top 25 most dangerous programming errors. This is a good list to know what to watch out for, but don't get caught up in the details. As a security professional states, "Security is all about risk management"; the source can be found with an article by Gary McGraw. Gary does a good job of reminding you that while it's good to know the details, don't get caught up in them. First and foremost, know how to prioritize and apply those risks to your responsibilities.