
Category: Web Technologies

Preventing XSS Vulnerabilities in Web Frameworks

Cross-site scripting (XSS) vulnerabilities are among the top risks to web application security. However, many web application developers have only a vague idea of what XSS is, let alone how to test for it or protect against it. Many web application frameworks such as Struts or Tapestry have some controls for preventing XSS attacks. Yet I’ve seen developers disable framework protections, resulting in vulnerable applications. Usually this is simply due to ignorance or lack of attention. A basic awareness of what web frameworks do to prevent XSS vulnerabilities is required to stop developers making dumb, though potentially serious, mistakes.

Web service testing with soapUI

In my previous post regarding Spring-WS and Security I didn’t mention anything about testing the resulting SOAP service. Particularly when it comes to secure services, it’s vitally important to test. First, we want to make sure that the service is functionally correct – that it returns the correct results. Second, we want to make sure it is secure – that it refuses service to any request that does not meet our security requirements.

With regard to how we test, it’s simplest to use some SOAP editor tool that lets us fiddle with the request and press a button to retest instantly. But ideally we want some programmatic test that can be included in the test phase of our build.

This post describes testing the now legendary Spanners WS demo with the following requirements:

  1. Tests must be functional – they test what the webservice does
  2. Security is tested
  3. Tests can be tweaked and rerun instantly
  4. Tests can be included in build process

The updated source of the Spanners WS demo including the tests described here is available to download.

Rounded corners in CSS / IE Tester

Until Internet Explorer 8 is finally retired we still have to dick about with CSS to make IE behave properly. I’m not a CSS hacker but this is one trick that I suspect I’ll need again at least until IE9 becomes standard.

CSS3 includes a property for rounded corners which was (sort of) adopted in Firefox, Chrome and Safari some time ago. I don’t use it on this site – someone else did the hard work there using images for the corners, presumably because CSS3 support was so poor at the time. This new CSS3 property can, however, be retrofitted to old browsers with a little work.

Installing WordPress

This is post number four and I’m going off topic already. This post is a technical note on how to install WordPress on a desktop PC.

After installing WordPress on my hosting service (hosted on Easily if you’re interested) I wanted a copy on my home PC as an offline backup and to generally fiddle with. As I’m likely to zap my PC soon (Vista is dead, long live Windows 7), I’m keeping a note of how I did this.