I'm happy to announce CGISecurity's 7th year providing website, and application security news as of this week. What started
out as an excuse to learn about web based vulnerabilities has really evolved. Here are a few things to put into
perspective
– The following terms hadn't been coined yet
– CSRF/XSRF/Cross-site Request Forgery
– XST
– Web 2.0
– AJAX
– Firefox
– HTTP Request Smuggling
– HTTP Response Splitting
– Session Fixation
– LDAP Injection
– The vulnerably used by Code Red/Nimda hadn't yet been discovered
– 'Google Hacking'. Us old timers called this altavista hacking thanks to the WWW Hack FAQ. Back then altavista was the sniznat.
– .NET Framework
– WWW-Mobile-Code (later renamed to webappsec@securityfocus) hadn't been created yet
– Cross site scripting was less than a year old
– The term XSS was less than 6 months old
– DOM based XSS hadn't been discovered
– OWASP nor WASC had been formed
– You could still find vulnerable PHF machines (so I've been told 🙂
– We called Web Application Security 'CGI Security' hence why I picked this domain name.
– I was getting between 1-10 unique visitors a day compared to the 3,000-4,000 now.
– Web based worms were theoretical
– XSS was lame (oh wait….)
– The US had a president capable of completing a sentance and sounding 'smart' while doing so.
You get the idea 🙂
– Robert
