Articles about: secure development

Open letter to Veracode concerning duplicate flaws

I see duplicate flaws in every Veracode scan. CWE-73 External Control of File Name or Path is a particularly severe offender. In a given scan, that same flaw appears up to three times.

Doing HTTP Sessions badly

In this article I explore some ways in which HTTP sessions can be used badly. I'm not talking from a church of RESTafarianism position here. I'm cool with web applications using HTTP sessions, but I want to explore the pitfalls of using them badly and give some easily followed guidance to…