Best of Application Security (Friday, Jan. 1)

Ten of the application security industry's coolest, most interesting, important, and entertaining links from the past week -- in no particular order.

<a href="http://securosis.com/blog/my-personal-security-guiding-principles/">My Personal Security Guiding Principles</a>

<a href="http://ha.ckers.org/blog/20091228/popup-focus-url-hijacking/">Popup &amp; Focus URL Hijacking</a>

<a href="http://blog.metasploit.com/2009/12/exploiting-microsoft-iis-with.html">Exploiting Microsoft IIS with Metasploit</a>

<a href="http://blogs.technet.com/msrc/archive/2009/12/29/results-of-investigation-into-holiday-iis-claim.aspx">Results of Investigation into Holiday IIS Claim</a>

<a href="http://www.owasp.org/index.php/Cryptographic_Storage_Cheat_Sheet">Cryptographic Storage Cheat Sheet</a>

<a href="http://practical.wordpress.com/2009/12/28/waf-vs-ips-or-four-things-your-ips-cant-do/">WAF vs IPS (or Four Things Your IPS Can’t Do)</a>

<a href="http://scarybeastsecurity.blogspot.com/2009/12/generic-cross-browser-cross-domain.html">Generic cross-browser cross-domain theft</a>

<a href="http://www.net-security.org/secworld.php?id=8659">Twitter bans obvious passwords</a>

<a href="http://www.technologyreview.com/blog/editors/24589/?a=f">Web Attacks and Defenses that Could Affect Users in 2010</a>

<a href="http://owasp.blogspot.com/2009/12/sql-injection-resources.html">SQL Injection Resources</a>