Network security is dead. Don’t bother learning application security – just drop out of the industry please. There are plenty of ways of protecting against DNS rebinding, XSS, CSRF, and Ajax attacks that cross the same-origin policy. My suggestion is to use a browser that does not support Javascript, Java, or Flash – and that has been through complex code review, Fagan inspection, and is well tested. Links or ELinks (Elinks has some Javascript support) are good candidates, as is curl.”]
Source: https://taosecurity.blogspot.com/2007/08/scanning-with-flash.html

