« WASC Web Hacking Incident Database Semi-Annual Report for 2010 | Main | CGISecurity Turns 10!: Summary of the more interesting site posts throughout the years »

CGISecurity.com Turns 10!: A short appsec history of the last decade

Ten years ago today I started cgisecurity.com to fill a void in the application security space. At the time no other dedicated site existed, neither OWASP nor WASC had been created, and the www-mobile list was effectively the only place to discuss web related vulns and attacks . When I first started this site I admit I didn't know what I was doing, and looked at this site as an excuse to learn more about/discuss web based threats. A lot has happened since I first started this site, here are a few things to put it into perspective.

  • The vulnerability used by Code Red/Nimda hadn't yet been discovered
  • The Java Struts framework was only a few months old
  • The securityfocus webappsec list hadn't been created/renamed yet
  • www.incidents.org hadn't been renamed to isc.sans.org yet
  • Cross site scripting was less than a year old
  • The term XSS was less than 6 months old
  • You could still find vulnerable PHF machines (so I've been told :)
  • Web Application Security was refereed to as 'CGI Security' hence why I picked this domain name.
  • I was getting between 1-10 unique visitors a day compared to the 2,000-4,000 now.
  • Web based worms were theoretical
  • C# hadn't yet been renamed from "Cool"
  • RFP's Responsible Disclosure Policy was a few months old
  • XSS was lame (oh wait....)

The following security sites didn't exist


The following security terms hadn't been published/coined/discovered yet

The following browser technologies/terms didn't exist

The following tools/products/frameworks/technologies did not exist

The following security processes/methodologies didn't exist

The following security compliance standards didn't exist

The following security products/projects didn't exist



Feed You can follow this conversation by subscribing to the comment feed for this post.

All Comments are Moderated and will be delayed!

Minor correct, Webkit existed 10 years ago as KHTML. Anyway, happy birthday. :-)

@Anonymous - That's like claiming Firefox existed because the Mozilla project was in the process of struggling to crap something out (remember 10 years ago when Mozilla was considered the epic fail of the OSS community). KHTML is Webkits equivelent of an early hominid. Sure, we can see where the DNA is shared, but its hard to confuse the two.

I would also add that the malware industry was completely different a decade ago. Spyware was in a very infantile stage (and being bundled with legit products intentionally), most self propogating malware was written by people just for the hell of it (as opposed to being written to make money), and macro exploits where all the rage. A heck of a lot has changed in 10 years.

...and CLASP?

Nice post :) Darknet was around then, but not in the form it is now. Those were the days of smurf attacks and AT++ modem drops.