The WASP

So I was surfing around today and found a great blog on here that I thought I would post for others interested in this field to check out. http://jeremiahgrossman.blogspot.com/ I had this guys company in here a few months ago for a POC while we were deciding on a app security vendor. The sales guy was intolerable, but Jeremiah is quite astute in this field and his blog is really full of great stuff from an industry perspective. In addition the Burp Suit BETA is now available for those familiar with it...it is available at http://blog.portswigger.net/ and it is loaded with lots of new features. It did crash one of my PC's, but lots of newer apps do...(it may be specific to my older PC) so it should be safe on an updated box. Anyway, I wanted to get back to the topic of code disclosure. I was reading through a text I have about Trojans and worms and I am really upset, or more to the point sick and tired, that they do not post an actual coded variant. What is the big stigma...? Anyway... tools are great but you really have to have a core understanding of what you are doing to really get anything out of them.