websecurity@lists.webappsec.org

The Web Security Mailing List


Methods of protection against XSS and Backdoors in web applications

MustLive
Sun, Apr 28, 2013 8:36 PM

Hello participants of Mailing List.

In March and April I wrote new articles. I'll tell you briefly about
two of my articles concerning protection against XSS and backdoors
in web applications. These topics should be interesting for you (especially
for those who haven't read them before).

In December 2012 I made a series of articles about methods of defending
against XSS attacks. These articles were "Protection against XSS with
HttpOnly" and "Protection against XSS with JavaScript"
(http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/2012-December/008642.html),
and last month I wrote another article in this series. This month
I wrote an article which continues the topic of backdoors in web applications
(http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/2012-December/008630.html).

  1. Protection against XSS with X-XSS-Protection.
    http://websecurity.com.ua/6396/

In this article I told about the X-XSS-Protection header as a method of
protecting against XSS attacks. I wrote about the pros and cons of
X-XSS-Protection, and described its shortcomings and the list of browsers which
support it. Among the three protection methods, the JavaScript method (proposed
by me) has the advantage in the number of supported browsers (especially as it is
compatible with legacy browsers), but over time the other methods will also increase it.

  2. Backdoors in web applications.
    http://websecurity.com.ua/6449/

In this article, in addition to the previous article, I told about backdoors
in web applications, server software and network devices. I also wrote
about different web applications which have functionality to find backdoors
(including plugins for CMSs and built-in functionality in different engines).

The list of products where backdoors were found includes routers, switches,
storage devices, printers, HP Operations Manager Server, IBM Cognos Server,
HP OpenView Performance Insight Server and the Social Media Widget plugin
for WordPress.

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua
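The post above names the X-XSS-Protection header as one protection method and notes that it has shortcomings and limited browser support. The following is an added example, not code from MustLive's article or from this list: a small WSGI middleware that sets the header with `mode=block`, and a checker that audits a response's headers for the weak settings (header missing, `0`, or `1` without `mode=block`). The sample application, the header values and the finding strings are constructed for illustration. One caveat the article's browser list predates: the filter this header controls has since been removed from Chromium-based browsers and was never implemented in Firefox, so the checker also flags the absence of a Content-Security-Policy header, which is the mechanism that replaced it.

```python
# Added example (not from MustLive's article or the websecurity list):
# set and audit the X-XSS-Protection response header. The sample app,
# header values and finding texts are constructed for illustration.


def parse_xss_protection(value):
    """Parse a value such as "1; mode=block" into a dict, or None if empty."""
    parts = [p.strip() for p in value.split(";") if p.strip()]
    if not parts:
        return None
    result = {"enabled": parts[0] == "1", "mode": None, "report": None}
    for part in parts[1:]:
        if "=" not in part:
            continue
        key, val = (s.strip() for s in part.split("=", 1))
        key = key.lower()
        if key in ("mode", "report"):
            result[key] = val
    return result


def audit_headers(headers):
    """Return a list of findings for a dict of response headers.

    Header names are matched case-insensitively; an empty list means no finding.
    """
    lower = {k.lower(): v for k, v in headers.items()}
    findings = []
    value = lower.get("x-xss-protection")
    if value is None:
        findings.append("X-XSS-Protection missing; browser default applies")
    else:
        parsed = parse_xss_protection(value)
        if parsed is None or not parsed["enabled"]:
            findings.append("X-XSS-Protection disabled (0); reflected-XSS filter off")
        elif parsed["mode"] != "block":
            findings.append("X-XSS-Protection enabled without mode=block; "
                            "browser rewrites the page instead of blocking it")
    if "content-security-policy" not in lower:
        findings.append("no Content-Security-Policy; X-XSS-Protection is a "
                        "legacy browser filter, not a replacement for CSP")
    return findings


def with_xss_protection(app, value="1; mode=block"):
    """WSGI middleware that adds X-XSS-Protection unless the app set it itself."""
    def wrapped(environ, start_response):
        def start(status, headers, exc_info=None):
            names = {name.lower() for name, _ in headers}
            if "x-xss-protection" not in names:
                headers = list(headers) + [("X-XSS-Protection", value)]
            return start_response(status, headers, exc_info)
        return app(environ, start)
    return wrapped


def sample_app(environ, start_response):
    """Constructed application that sets only a Content-Type header."""
    start_response("200 OK", [("Content-Type", "text/html; charset=utf-8")])
    return [b"<html><body>hello</body></html>"]


def run_once(app, path="/"):
    """Invoke a WSGI app offline and return (status, headers_dict, body)."""
    captured = {}

    def start_response(status, headers, exc_info=None):
        captured["status"] = status
        captured["headers"] = dict(headers)

    environ = {"REQUEST_METHOD": "GET", "PATH_INFO": path}
    body = b"".join(app(environ, start_response))
    return captured["status"], captured["headers"], body


if __name__ == "__main__":
    _, before, _ = run_once(sample_app)
    _, after, _ = run_once(with_xss_protection(sample_app))
    print("before middleware:", audit_headers(before))
    print("after middleware: ", audit_headers(after))
```

Running the module shows the bare application flagged for a missing header, and the wrapped one flagged only for the absent CSP, which is the finding that matters for current browsers; the middleware deliberately does not overwrite a value the application chose itself.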
