Web Application Security - LugRadio Live 2009

These are my slides from the presentation I gave at LugRadio Live 2009 at Wolverhampton. The presentation was a brief tour of some common security issues you might come across developing web applications. I also covered ReDoS, which is a lot less well known but an interesting vulnerability. The notes…

Open Redirects and Phishing Vectors

There was an interesting article on the Google Webmaster Central blog back in January talking about open redirects being abused by spammers. One point they didn't go into too much detail on is that of phishing vectors. If you're running a site with any kind of user registration and you…

Encrypt your homedir on your Mac without FileVault

I used FileVault for about a month and I found it really degraded the overall experience of using my Mac. Basically, using FileVault caused a huge slowdown in performance. In addition, I quickly found the repeated prompting to compact the FileVault every time I shut down annoying, especially as this process…

Dreamweaver lock files exposed

This is a warning to anyone out there using Dreamweaver to check files in and out from their web server. The lock files (.lck) that tell your colleagues that you have a file checked out can be indexed by Google and reveal information such as your name, a username and…