
CGISecurity turns 7

I'm happy to announce CGISecurity's 7th year providing website and application security news as of this week. What started
out as an excuse to learn about web-based vulnerabilities has really evolved. Here are a few things to put into
perspective:

– The following terms hadn't been coined yet:
– CSRF/XSRF/Cross-site Request Forgery
– XST
– Web 2.0
– AJAX
– Firefox
– HTTP Request Smuggling
– HTTP Response Splitting
– Session Fixation
– LDAP Injection
– The vulnerability used by Code Red/Nimda hadn't yet been discovered
– 'Google Hacking'. Us old timers called this AltaVista hacking thanks to the WWW Hack FAQ. Back then AltaVista was the sniznat.
– .NET Framework

– WWW-Mobile-Code (later renamed to webappsec@securityfocus) hadn't been created yet
– Cross site scripting was less than a year old
– The term XSS was less than 6 months old
– DOM-based XSS hadn't been discovered
– Neither OWASP nor WASC had been formed
– You could still find vulnerable PHF machines (so I've been told 🙂)
– We called Web Application Security 'CGI Security' hence why I picked this domain name.
– I was getting between 1-10 unique visitors a day compared to the 3,000-4,000 now.
– Web based worms were theoretical
– XSS was lame (oh wait….)
– The US had a president capable of completing a sentence and sounding 'smart' while doing so.

You get the idea 🙂

– Robert