• Preventing CSRF Attacks with AJAX and HTTP Headers https://nealpoole.com/blog/2010/11/preventing-csrf-attacks-with-ajax-and-http-headers/ 4 comments 25/8/2012
• XSS Filters can be used to bypass clickjacking (scroll down to point 3) https://nealpoole.com/blog/2011/08/lessons-from-facebooks-security-bug-bounty-program/ 2 comments 26/8/2011
• Cross-Site Scripting? In PHP Notices? It's more likely than you think https://nealpoole.com/blog/2011/08/cross-site-scripting-via-error-reporting-notices-in-php/ 14 comments 18/8/2011
• Avoiding Arbitrary Code Execution with nginx and php-fastcgi https://nealpoole.com/blog/2011/04/setting-up-php-fastcgi-and-nginx-dont-trust-the-tutorials-check-your-configuration/ 15 comments 8/4/2011
• Preventing CSRF Attacks with AJAX and HTTP Headers http://nealpoole.com/blog/2010/11/preventing-csrf-attacks-with-ajax-and-http-headers/ 2 comments 22/1/2011
• HTTP Response Splitting Vulnerability on reddit.com http://nealpoole.com/blog/2011/01/http-response-splitting-on-reddit-com/ 26 comments 15/1/2011
• Hacking Google Calendar http://nealpoole.com/blog/2010/11/google-vulnerability-reward-program-google-calendar-csrf/ 5 comments 1/12/2010

• Bad Changes to eBay's Responsible Disclosure Policy https://nealpoole.com/blog/2013/03/bad-changes-to-ebays-responsible-disclosure-policy/ 3 comments 14/3/2013 netsec
• How Hard Is It To Blacklist A Java Applet? https://nealpoole.com/blog/2013/01/how-hard-is-it-to-blacklist-a-java-applet/ 9 comments 24/1/2013 netsec
• Excellent writeup detailing an old and patched XSS vulnerability in reddit https://nealpoole.com/blog/2011/01/http-response-splitting-on-reddit-com/ 4 comments 15/12/2011 netsec
• Lessons from Facebook's Security Bug Bounty Program https://nealpoole.com/blog/2011/08/lessons-from-facebooks-security-bug-bounty-program/ 11 comments 25/8/2011 netsec
• Multiple Major Security Vulnerabilities in Textpattern https://nealpoole.com/blog/2011/05/multiple-major-security-vulnerabilities-in-textpattern/ 5 comments 26/5/2011 netsec
• Check your config and avoid arbitrary code execution with nginx and php-fastcgi https://nealpoole.com/blog/2011/04/setting-up-php-fastcgi-and-nginx-dont-trust-the-tutorials-check-your-configuration/ 6 comments 8/4/2011 netsec
• Security Vulnerability Found and Fixed on Reddit.com http://nealpoole.com/blog/2011/01/http-response-splitting-on-reddit-com/ 28 comments 15/1/2011 netsec