Sam Buchanan's weblog.

Web application security

The Open Web Application Security Project. Looks very worthwhile. Too many people are working in the dark when it comes to developing secure web apps. More than just sharing knowledge, though, OWASP is building tools for testing and implementing security.

This reminds me. I've been reading Ross Anderson's Security Engineering. Wonderful. My thanks to Alex Russell for recommending it.

I don't think that I ever mentioned these must-read papers at In particular I'd like to call your attention to "Fingerprinting Port 80 Attacks" and "Fingerprinting Port 80 Attacks, Part Two". People complain that I worry too much about security. Yeah. Well, attacks like these are hitting our servers every hour of every day. It's important to know what's being tried so we can prevent successful attacks.