The Unsecured State Part 2 - EduBase XSS (Disclosed & Fixed)

by @edent | 6 comments | Read ~1,375 times.

This is part 2 of a series of blog posts looking at the security of the UK Government's web infrastructure. Many XSS flaws rely on altering the GET parameters of a request. Some webmasters seem to think that if their forms only use POST they will be immune from XSS. This is not the… Continue reading →

The Unsecured State Part 1 - UK Parliament XSS Flaw (Disclosed & Fixed)

by @edent | 5 comments | Read ~1,585 times.

This is part 1 of a series of blog posts looking at the security of the UK Government's web infrastructure. The UK Parliament website is pretty great. It houses a huge amount of historical information, lets people easily see what's happening in the Commons and the Lords, and is run by some really clever people.… Continue reading →

Make Facebook (and other sites) Less Annoying Using CSS

by @edent | Read ~820 times.

I'm really late to the party on this one - so this blog post is mostly an aide-mémoire. The web is built on three fundamental components: HTML - the structure of the page. CSS - how the page is styled. JavaScript - the interactivity. Typically, the website owner sets up the CSS to say links… Continue reading →