Archive for the 'Articles' Category
Sunday, February 11th, 2007
Anurag Agarwal announced a series of professional portraits of the gurus in Web Applications Security.
Quoting Anurag:
Every Friday I will present a major player from the web application security field and outline his contributions to the industry.
The series of mini biographies is called Reflection and this week’s security superstar was Amit Klein. […]
Leave Comment » | Posted in Web Applications, Articles
Friday, February 9th, 2007
The new buzz about the Google Webmaster Tools’ Link has spread like wildfire. However, this great tool had a serious vulnerability that allowed access to the link statistics of any website.
Leave Comment » | Posted in Web Applications, Articles
Thursday, February 8th, 2007
Bruce Schneier released a great essay on the Psychology of Security exploring how psychology can help explain the difference between the feeling of security and the reality of security.
Leave Comment » | Posted in Articles
Friday, January 26th, 2007
Testing Fault Injection in Local Applications proves to be a great resource for describing the local resources and interprocess communication,
Leave Comment » | Posted in Articles
Friday, January 19th, 2007
These are the best online resources in web application security:
Leave Comment » | Posted in Web Applications, Articles
Thursday, January 18th, 2007
An ingenious way of breaking the same-origin policy by undermining DNS pinning:
1 Comment » | Posted in Web Applications, Articles
Tuesday, January 16th, 2007
The Cross-site Request Forgery FAQ has been released to address some of the common questions and misconceptions regarding this commonly misunderstood web flaw.
Leave Comment » | Posted in Web Applications, Articles
Sunday, January 14th, 2007
Here is a good resource on the good, the bad and the ugly of using NetBIOS NULL Sessions as an attack target.
Leave Comment » | Posted in Null Sessions, Articles
Wednesday, January 10th, 2007
An interesting article on automated vulnerability scanners and the limitations of these tools in finding real-life web application vulnerabilities.
Leave Comment » | Posted in Penetration Testing, Web Applications, Articles
Tuesday, January 9th, 2007
The following column was published on SecurityFocus today:
PHP apps: Security’s Low-Hanging Fruit
by Kelly Martin
published 2007-01-08
PHP has become the most popular application language on the web, but common security mistakes by developers are giving PHP a bad name. Here’s how PHP coding errors have become the new low-hanging fruit for attackers, contributing to the phishing problems […]
2 Comments » | Posted in Web Applications, Php, Articles