
CGISecurity turns 8!

I’m happy to announce CGISecurity’s 8th year providing website and application security news as of today. What started
out as an excuse to learn about web-based vulnerabilities has really evolved. Here are a few things to put into
perspective:

– The following terms hadn’t been coined yet
        – CSRF/XSRF/Cross-site Request Forgery
        – XST
        – Web 2.0
        – AJAX
        – Silverlight
        – Firefox
        – HTTP Request Smuggling
        – HTTP Response Splitting
        – Session Fixation
        – LDAP Injection
        – The vulnerability used by Code Red/Nimda hadn’t yet been discovered
        – ‘Google Hacking’. Us old timers called this AltaVista hacking thanks to the WWW Hack FAQ. Back then AltaVista was the sniznat.
        – .NET Framework

– WWW-Mobile-Code (later renamed to webappsec@securityfocus) hadn’t been created yet
– Cross site scripting was less than a year old
– The term XSS was less than 6 months old
– DOM-based XSS hadn’t been discovered
– Neither OWASP nor WASC had been formed
– You could still find vulnerable PHF machines (so I’ve been told 🙂)
– I was getting between 1-10 unique visitors a day compared to the 3,500-4,500 now.
– Web based worms were only theoretical
– XSS was lame (oh wait….)

You get the idea 🙂