Stopping comment and contact form spam

2009-09-15 11:09:55

There are few things more irritating than comment or contact form spam.

The general sense in the web development community is to add a CAPTCHA. This is great for things like a registration form, or anything requiring security, but for something as simple as spam in your comments and contact forms, there has to be a better way.

I did an experiment: I set up an unprotected contact form on a hidden part of humanbagel.com, and linked to it via the robots.txt. I then logged all the dynamics of over 1,000 spambots over six months.





...


Launching HumanBagel.com 4.0

2009-09-09 23:09:56

Greetings,
I just made HumanBagel.com 4.0 officially live!

I have been busy with several new projects, mostly writing a number of articles and guides that should be published in the upcoming weeks in several places.

I am also in the process of writing up the publication on a serious exploit that I found in a very popular social news site. So, while I digg up some references for that publication, keep checking back.

More to come soon, so stay tuned.






...


What is web security testing?

2009-08-01 00:08:15

The question "What is web security testing?" is something I get asked a lot in my field of work, and most people do not understand what it is, what it is for, and how it is done.

I hope to explain all of these in as short a time as possible.

First of all:

What is web security testing?


Web security testing is a process where a web security professional runs a large number of tests against a website or web server to see how an attacker may hack it.

Usually, a highly detailed report is returned to the client det







...


Google Operating System

2009-07-09 11:07:03

Earlier yesterday, Google announced its Chrome Operating system.

I don't know what it will be, how it will function, or any of its benefits, but I want it now.

Google Operating System Official Blog



...


Pending - Secure User System guide

2009-06-19 23:06:07

Greetings, Bagel Blog followers!
I have been spending a huge amount of time lately crafting a comprehensive guide to programming a secure user system.

The guide will cover things like planning, understanding the general threats, how to prevent these threats, best security practices, all with example code and practical examples, with specific information as to why each piece is needed, and what can happen if you don't do it.

I will include a realistic analysis of several common threats (XSS, CSRF, SQL injection, etc.), along with best use




...


