A GUIDE TO BUILDING SECURE WEB APPLICATIONS
"While several good documents are available to help developers write secure code, at the time of this project’s conception there were no open source documents that described the wider technical picture of building appropriate security into web applications. This document sets out to describe technical components, and certain people, process, and management issues that are needed to design, build and maintain a secure web application or web service." - Version 1.1
Read online | Download PDF (983 kB)
APPLICATION SECURITY ATTACK COMPONENTS
Documentation Project: "The aim is definitely not to build the biggest list of problems or describe attacks like Nimda or Code Red; but to document the underlying primary attack components that are used in attacks so people can learn to avoid developing them and others can learn to test for them. It's the dictionary of web application security:" input validation, canonicalization, parameter manipulation, authentication and session management, overflows, cryptographic and informational attacks and countermeasures explained.
THE OPEN WEB APPLICATION SECURITY PROJECT
"OWASP is an open source reference point for system architects, developers, vendors, consumers and security professionals involved in Designing, Developing, Deploying and Testing the security of web applications and Web Services. The project is developing software tools and knowledge based documentation that helps people secure web applications and web services. All software and documentation is released under the GNU public licenses."