PUBLIC MARKS from mbertier with tags bestpractices & webdev

The Email Standards Project works with email client developers and the design community to improve web standards support and accessibility in email.

PHPIDS (PHP-Intrusion Detection System) is a simple to use, well structured, fast and state-of-the-art security layer for your PHP based web application. The IDS neither strips, sanitizes nor filters any malicious input, it simply recognizes when an attacker tries to break your site and reacts in exactly the way you want it to. Based on a set of approved and heavily tested filter rules any attack is given a numerical impact rating which makes it easy to decide what kind of action should follow the hacking attempt. This could range from simple logging to sending out an emergency mail to the development team, displaying a warning message for the attacker or even ending the user’s session.

Yahoo!'s Exceptional Performance team evangelizes best practices for improving web performance. They conduct research, build tools, write articles and blogs, and speak at conferences. Their best practices center around the rules for high performance web sites.

The ability to concatenate CSS or javascript files into a single HTTP request.

I've talked about CSRF before, but this time I wanted to show some of the underlying basics of it and explain why it isn't a new trick or something special. It is part of browsers and the way HTTP works, also to remove any argument that POST should be safer then GET. I know this is Internet basics, it still can be refreshing to read it over from time to time.

This page is for people who already understand the basics of XSS attacks but want a deep understanding of the nuances regarding filter evasion.

In this article, we will show you how CSRF and XSS work and how to defend against them. To dispel the myths about these attacks, I will assume the role of a hacker and show how the supposedly harmless injection of tiny bits of HTML can perform amazing things, from stealing the user's identity to a completely transparent rewrite of site content.

BeEF is the browser exploitation framework. Its purposes in life is to provide an easily integratable framework to demonstrate the impact of browser and cross-site scripting (XSS) issues in real-time.

While working on optimizing page load times for a high-profile AJAX application, I had a chance to investigate how much I could reduce latency due to external objects. Specifically, I looked into how the HTTP client implementation in common browsers and characteristics of common Internet connections affect page load time for pages with many small objects.

A List Apart offers hundreds of articles on design, markup, style, accessibility, usability, and more. We’ve selected a few that you might want to start with.

I tested the vast majority of CSS properties and some CSS practices to see how each web based client would react. You will find the results below.

What is the one true path to creating a successful PHP application? Does it exist? Does everyone know what it is? What dangers should I avoid? What works, what doesn’t? Is there a guide that will lead me down this path?

Welcome to the Yahoo! Developer Network. We help software developers integrate their Web sites and applications with Yahoo! using standard technologies such as XML and RSS.

Graded Browser Support offers two fundamental ideas: * A broader and more reasonable definition of “support.” * The notion of “grades” of support.

Things to look out for when building a large application.

Anteater is a testing framework designed around Ant, from the Apache Jakarta Project. It provides an easy way to write tests for checking the functionality of a Web application or of an XML Web service.

WebPatterns is a place to discuss, document and collaborate on patterns for web design and development.

IEs for Linux is a simple Bash Script program that installs Internet Explorer 6, 5.5 and 5 on Linux using Wine. The whole process is automatic and very easy.

I believe, however, that a fourth layer of separation is being neglected: the data layer. This layer is represented by server side scripts that process and retrieve information from a data source.

Décrit un protocole pour guider les moteurs de recherche dans les pages d'un site Web (en anglais).

Dive Into Greasemonkey is a book about programming with Greasemonkey, a Firefox extension for customizing web pages.

excellent

# Information Architecture for Content Management, # Select Country: The Art of the Global Gateway, # STUX - Integrating IA deliverables in a web application development methodology.

To help you understand how Web Caches will treat a Web page, the Cacheability Engine will look at a URL (and optionally any images or objects associated with it), giving both specific cache-related data about it, and a general commentary on how cacheable the object is.