The worry-wart's guide to Web application security
IT Business Net | 17 Apr 2006
BEST WEB LINK - "Planning for the worst is what separates the good companies from the bad," declare How to Break Web Software authors Mike Andrews and James A. Whittaker in this enlightening interview. They explain why a proactive ...
Community Creators, Secure Your Code!
A List Apart | 18 Apr 2006
BEST WEB LINK - Community sites that allow users to alter their pages are quite popular. Letting users add code to their sites can leave all sites in the community vulnerable to threats, particularly cross-site scripting attacks. Part one of ...
Reporting Vulnerabilities is for the Brave
CERIAS Weblogs | 22 May 2006
BEST WEB LINK - This informal tale of one teacher's negative experience with vulnerability exposure is worth checking out. His conclusion: Reporting vulnerabilities may be noble, but it's just not worth the trouble. A lively discussion ...
Integer Handling with the C++ SafeInt Class
MSDN | 07 Jan 2004
BEST WEB LINK - This in-depth, math-focused article offers a detailed overview of integer arithmetic attacks. Highly detailed code analyses and countermeasures may be off-putting to those who are not well-versed in integer overflows, but ...
Blocking Brute Force Attacks - General
OWASP | 22 May 2006
BEST WEB LINK - This is a simple introduction to brute force attacks. The author describes the exploits and provides a detailed list of countermeasures. Additionally, a sidebar on CAPTCHA helps explain the benefits and limitations of that ...
Malicious cryptography, part two
Security Focus | 16 May 2006
BEST WEB LINK - Armored viruses are analyzed in the second part of this series on the dark side of cryptography. The shapeshifting aspects of these viruses are explored. The author also discusses malicious uses of Skype.
Malicious cryptography, part one
Security Focus | 08 May 2006
BEST WEB LINK - Most people equate encryption with security, but this two-part series explores the dark side of cryptology. Part one is focused on cryptovirology and how virus writers can use cryptology to strengthen or obfuscate their ...
Penetration testing for Web Applications (Part Three)
Security Focus | 20 Aug 2003
BEST WEB LINK - In the final installment of this series, the authors turn their attention to session cookies and session security issues. Binary attacks like buffer overflows are dealt with. Logic flaws are given complete coverage as well. ...
Penetration testing for Web applications (Part Two)
Security Focus | 03 Jul 2003
BEST WEB LINK - The second article in this informative series expands upon the first, concentrating on input validation. Common exploits such as SQL injection and cross-site scripting are covered in detail.