Ajax books are teh sux.... for now. by Acidus at 10:48 pm EDT, Aug 9, 2006
Ajax books are crappy. They are all targeted at novices, give horrible advice, and contain little or no security information. Maybe this is why it's more web two point own ya than web 2.0? Shouldn't someone who knows web security actually write an Ajax security book? Why yes, yes one should. Let's hope Addison-Wesley agrees as I'm talking to their acquisitions editor tomorrow morning.
RE: Ajax books are teh sux.... for now. by Hijexx at 11:57 pm EDT, Aug 9, 2006
Acidus wrote: Ajax books are crappy. They are all targeted at novices, give horrible advice, and contain little or no security information. Maybe this is why it's more web two point own ya than web 2.0? Shouldn't someone who knows web security actually write an Ajax security book? Why yes, yes one should. Let's hope Addison-Wesley agrees as I'm talking to their acquisitions editor tomorrow morning.
Cool, good luck. Addison-Wesley seem pretty reasonable from what I've heard in the past. I remember Phoneboy dealing with them the first time he was getting his Check Point book through the works. Knew a guy who was a personal friend of his and reviewed the drafts, etc, he seemed to feel that A-W are cool. Side note: Folks from work were sweating me today about you. "Do you have Billy's email address?" They were wanting info on possible snort sigs for some of the hacking intranet site POC's. I told them it'd be pretty pointless to try (trivial obfuscation) but then someone else asked for your email address as well. So I'm doing due diligence: Do you know of anyone working on sigs?
RE: Ajax books are teh sux.... for now. by Acidus at 2:26 pm EDT, Aug 10, 2006
Hijexx wrote: Side note: Folks from work were sweating me today about you. "Do you have Billy's email address?" They were wanting info on possible snort sigs for some of the hacking intranet site POC's. I told them it'd be pretty pointless to try (trivial obfuscation) but then someone else asked for your email address as well. So I'm doing due diligence: Do you know of anyone working on sigs?
Sorry Daniel, I do not. I haven't been paying too much attention to trying to stop layer 7 attacks in layers 3 or 4. I have found that so-called web app firewalls that are independent from the application are pretty much worthless except for extreme cases. Detecting and stopping attacks at layer 7 is hard, we don't have any good solutions yet, and trying to apply solutions from lower layers to layer 7 doesn't work too well. Hope that helps.