I was just reading RSnake's recent DNS Rebinding blog posts where he keeps stating "respect the host header". Is he simply meaning to verify that something like $_SERVER['HTTP_HOST'] in a PHP context matches one's domain??
Forum: CSRF and Session Info

Thanks for the OWASP link. That has already helped some. It is also good to see there is a sense of humor around here. Thanks for the warm welcome. ;)
Forum: Intro

Just throwing my hello out to the community. I am a senior computer science major in college interested in a lot of web development related activities. I am here to learn what I can for the purpose of being able to write secure code rather than contribute to the maelstrom that is already out there. My one problem is most of the topics are that I have flipped through are way over my head. Are th
Forum: Intro