Author Archives: D.W.

How should web app developers defend against JSON hijacking?

Posted on September 9, 2011 by D.W.

What is the best defense against JSON hijacking?

Can anyone enumerate the standard defenses, and explain their strengths and weaknesses? Here are some defenses that I’ve seen suggested:

If the JSON response contains any confidential/no… Continue reading How should web app developers defend against JSON hijacking?→

Posted in appsec, json, web-application

How to scan a PDF for malware? [on hold]

Posted on April 5, 2011 by D.W.

Can anyone suggest an automated tool to scan a PDF file to determine whether it might contain malware or other “bad stuff”? Or, alternatively, assigns a risk level to the PDF?

I would prefer a free tool. It must be suitabl… Continue reading How to scan a PDF for malware? [on hold]→

Posted in antimalware, antivirus, malware, PDF

Newer posts →