Here is a collection of proofs of concept for ideas I've had. Again, you're free to use and improve upon them - if you do, please contact me!
When we have access to the database, we can farm out SQL Injection testing to untrained QA Analysts - they don't even need to know what SQL Injection is. This can catch unusual code paths and is generally less expensive than a full code audit.
Let's get rid of "Secret Questions" altogether. Let's present an attacker with a hundred questions, only 6 of which he should answer. But it will still authenticate you without making you spend a half-hour filling in radio buttons.
Using DOM manipulation, a dynamically created iframe, and a cached flat-HTML file, we can more efficiently serve what were previously dynamically created content pages like forums and blogs.