This is Shahar Sperling's Typepad Profile.
Join Typepad and start following Shahar Sperling's activity
Join Now!
Already a member? Sign In
Shahar Sperling
Recent Activity
Neat. I wanted to mention that you might be overestimating a couple of things: 1) That your average J. Q. Surfer can keep track of the favorite links, and most wont notice a new entry. Try as I might, mine usually end up in a mess. 2) That the same average person looks at the address bar past the initial typing or can understand what goes on there. Or cares, for that matter. I would agree that getting there's the hard part. However, if you could inject an "Add to Favorite" link (XSS of some sort?), most people would be completely oblivious to the fact they were compromised.
I love the imagery and analogies (simile? I'm never sure). But the bottom line is a little lost, for my taste in brutal simplicity - we can all use a bit of healthy paranoia (or a healthy bit of paranoia, you decide).
Toggle Commented Sep 17, 2007 on A Wild Safari at IBM Application Security Insider
All good research should begin with a quick search in Google. Can save you a lot of time and effort. I guess it's time to set up a WebAppSec Department of Redundancy Department.
Not necessarily. First of all, remember that this is a young industry. I hail from the Telecom industry, where you're still an up-and-coming company if you've only been around for 10 to 15 years. Give them time. The market will grow, and we will see a fourth option in the future (to pen-testing, code scanners, app-scanners). It's the nature of things. The "Legacy" telephony platforms got blindsided by VOIP. I'm sure we'll get blindsided by something new. God knows what Silverlight and the likes hold in store for us. The industry will grow. More and more of our lives migrates to the web. There will be plenty of technologies to hack and to protect. Plenty of space to roam in. Plenty of money to be made. Someone is always looking for the next web search-engine, the next firewall, the next application server. They will look for the next tool to make their web-application safer.