The Cross-site Request Forgery FAQ
The Cross-site Request Forgery FAQ has been released to address some of the common questions and misconceptions regarding this commonly misunderstood web flaw.
Here is a good resource on the good, the bad and the ugly of using NetBIOS NULL Sessions as an attack target.
An interesting article on automated vulnerability scanners and the limitations of these tools in finding real-life web application vulnerabilities.
The following column was published on SecurityFocus today: "PHP apps: Security’s Low-Hanging Fruit" by Kelly Martin, published 2007-01-08. PHP has become the most popular application language on the web, but common security mistakes by developers are giving PHP a bad name. Here’s how PHP coding errors have become the new low-hanging fruit for attackers, contributing [...]