Security Holes That Run Deep

Security Holes That Run Deep
Mark Burnett, 2004-12-20

How a seemingly simply Microsoft bug betrayed its author's disdain for a wide range of secure coding principles.

Security Holes That Run Deep 2004-12-21
bazzargh

Over here on the java side of the fence, things aren't much better. The web.xml deployment descriptor adds security-constraints to url-patterns. However, this element is optional and defaults to unsecured. In fact, because its not possible to say "no constraint applies" to an url pattern, no combina...

[ more ]