The Open Web Application Security Project (OWASP.org) has written and published a free 293-page book detailing how to build and develop secure web applications. This guide carefully explains many common web security issues, such as cross-site scripting and SQL injection vulnerabilities. It provides information about securing most forms of web applications and services, along with real-world guidance using J2EE, ASP.NET, and PHP samples. It also discusses Microsoft's Threat Risk Modeling strategy, as well as several other security methodologies, such as Trike, CVSS, AS4360, and Octave. Here is a mirror of the guide. OWASP also provides some excellent Web Security Presentations and Web Security Papers.
A Guide to Building Secure Web Applications and Web Services
(3.1mb, pdf format)
Table of Contents
- About The Open Web Application Security Project
- Introduction
- What Are Web Applications?
- Security Architecture And Design
- Secure Coding Principles
- Threat Risk Modeling
- Handling E-Commerce Payments
- Phishing
- Web Services
- Authentication
- Authorization
- Session Management
- Data Validation
- Interpreter Injection
- Canonicalization, Locale And Unicode
- Error Handling, Auditing And Logging
- File System
- Buffer Overflows
- Administrative Interfaces
- Cryptography
- Configuration
- Maintenance
- Denial Of Service Attacks
- GNU Free Documentation License
- PHP Guidelines
- Cheat Sheets