Web Security Dojo is a web application security lab with tools, targets, and training materials built into a Virtual Machine (VM). It is an open source project built on Ubuntu and hosted at SourceForge. It is available in three flavors: a VirtualBox VM, a VMware VM, and a build script that can be run on a standard Ubuntu 9.10 install to produce the Dojo. It is available free of cost.
Ajax is perhaps the best known RIA technology today. Although several implementations of Ajax have arrived and many software projects make use of it, there is still a lack of consistency in how Ajax is approached and used. There is also significant confusion regarding which Ajax toolkit should be used, and how.
HP analyzed almost 4,000 web applications developed with Flash software and found that 35 percent violate Adobe security best practices. Attackers can exploit these violations to circumvent security measures and gain unfettered access to sensitive information.
A new software security model, the Building Security In Maturity Model (BSIMM), has been released. It describes the activities practiced by nine of the most successful software security initiatives in the world. BSIMM is a real-world set of software security activities organized so that you can determine where your software security initiative stands and how to evolve it over time.
More than 40 security software technologists and anti-malware testers from around the world recently met in Bilbao, Spain to formalize the charter of the Anti-Malware Testing Standards Organization (AMTSO). The formation of AMTSO has been driven by industry-wide concern about the growing mismatch between what anti-malware technologies actually do and the testing methodologies used to evaluate them. As anti-malware solutions become more complex, many existing tests are unable to evaluate product effectiveness properly, resulting in product reviews that are sometimes incomplete, inaccurate, and misleading.
The subject of threat models is quite interesting in the information security space. Threat modeling describes how an application is modeled so that only authorized users are granted access to the system while unauthorized users are kept out. It is naive to assume that enumerating possible threats and modeling solutions for them is straightforward: attacks often come from the most unexpected people and places.