Page 1 of 2 (results 1 to 25 of 31)

  1. #1
    secure webapps for all Aleksejs's Avatar
    Join Date
    Apr 2008
    Location
    Riga, Latvia
    Posts
    755
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Resources on web application security

    Hello!
    The other day I was compiling a list of resources on web application security for the Latvian-speaking PHP developer forum php.lv/f and, to my surprise (unlike in other categories), I could not find a compilation of resources in this huge forum. So here I share what I've found so far:

    PHP Security Consortium - PHP Security Guide

    OWASP - Web application security principles

    PHP Freaks - PHP Security

    Tutorialized - PHP Security Tutorials

    Code Breach - PHP Security tutorials

    IBM - Mashup security / Technologies and techniques for securing UI artifacts and data in a mashup

    IBM - Seven habits for writing secure PHP applications

    Web Application Component Toolkit - Web Application Security

    Security Patterns - Very, very, very useful, yet underrated resource

    Google - Browser Security Handbook

    Ross Anderson - Security Engineering - The Book

    Alfred J. Menezes, Paul C. van Oorschot and Scott A. Vanstone - Handbook of Applied Cryptography - comprehensive book on cryptography.

    Please share resources that you've found on the topic of security and hopefully this thread will get pinned so that everyone can benefit.

  2. #2
    Community Advisor

    Join Date
    Nov 2006
    Location
    UK
    Posts
    2,514
    Mentioned
    37 Post(s)
    Tagged
    1 Thread(s)
    http://www.scanit.be/uploads/php-file-upload.pdf is a good read on file upload security. I see so many tutorials (and advice given on these forums regularly) from people that don't realise that there are ways to circumvent many of the simple upload tests suggested.
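
The bypasses the post refers to come down to one thing: the usual checks look only at data the client controls. As an added example (not from the post or the linked paper), here is that naive check in PHP next to a content-based one. ALLOWED_IMAGE_TYPES, the /var/app/uploads directory and the two demo files are made up for the illustration.

```php
<?php
// Added example, not code from the post or the linked paper: the kind of
// upload check the post criticises next to a content-based one. The constant,
// the upload directory and the demo files are made up for the illustration.
declare(strict_types=1);

// MIME types accepted, as sniffed from the bytes on disk, mapped to the
// extension the server assigns. The client never chooses the stored name.
const ALLOWED_IMAGE_TYPES = [
    'image/png'  => 'png',
    'image/jpeg' => 'jpg',
    'image/gif'  => 'gif',
];

// Typical tutorial check: trusts $_FILES['f']['name'] and $_FILES['f']['type'],
// both of which the client sets. "shell.php.png" sent with Content-Type
// image/png passes, and on a server that runs *.php.* as PHP it executes.
function naive_upload_check(string $clientName, string $clientType): bool
{
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    return in_array($ext, ['png', 'jpg', 'gif'], true)
        && strncmp($clientType, 'image/', 6) === 0;
}

// Content-based check: ignores everything the client said about the file,
// sniffs the type from the bytes, caps the size, and returns a random
// server-chosen name with a fixed extension, or null to reject.
function validate_upload(string $tmpPath, int $maxBytes = 2000000): ?string
{
    if (!is_file($tmpPath) || filesize($tmpPath) > $maxBytes) {
        return null;
    }
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmpPath);
    if ($mime === false || !isset(ALLOWED_IMAGE_TYPES[$mime])) {
        return null;
    }
    // Sniffing alone is not enough: a file can be a valid image and contain
    // PHP at the same time (a polyglot). The stored name, the fixed extension
    // and the location are what stop it from ever being executed; re-encoding
    // the image with GD or similar is the next step where that is available.
    return bin2hex(random_bytes(16)) . '.' . ALLOWED_IMAGE_TYPES[$mime];
}

// Real handler glue (not exercised in the demo): move the file to a directory
// outside the document root (hypothetical path) and serve it back through a
// script that sets Content-Type itself. move_uploaded_file() refuses anything
// PHP did not itself receive via POST.
function store_upload(string $tmpPath, string $storedName, string $uploadDir = '/var/app/uploads'): string
{
    $dest = $uploadDir . '/' . $storedName;
    if (!move_uploaded_file($tmpPath, $dest)) {
        throw new RuntimeException('could not store upload');
    }
    return $dest;
}

// Demo with constructed files, not real uploads: a minimal valid PNG (header
// plus an IHDR chunk) and a PHP script the client has renamed avatar.php.png.
$ihdr     = 'IHDR' . pack('NN', 1, 1) . "\x08\x02\x00\x00\x00";
$pngBytes = "\x89PNG\r\n\x1a\n" . pack('N', 13) . $ihdr . pack('N', crc32($ihdr));
$phpBytes = "<?php system(\$_GET['c']); ?>";

$pngFile = tempnam(sys_get_temp_dir(), 'up');
$phpFile = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($pngFile, $pngBytes);
file_put_contents($phpFile, $phpBytes);

printf("naive check, avatar.php.png sent as image/png: %s\n",
    naive_upload_check('avatar.php.png', 'image/png') ? 'accepted' : 'rejected');
printf("content check, real PNG: %s\n", validate_upload($pngFile) ?? 'rejected');
printf("content check, PHP script named avatar.php.png: %s\n", validate_upload($phpFile) ?? 'rejected');

unlink($pngFile);
unlink($phpFile);
```

Run it from the CLI; it writes two temporary files and removes them again. The naive check accepts the renamed script because both inputs it looks at came from the client, while finfo sees a PHP script regardless of the name. What the content check does not buy is protection against a polyglot that is a real image and real PHP at once, which is why the random server-chosen name, the fixed extension and storage outside the document root are the part that actually holds.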

  3. #3
    Aleksejs (secure webapps for all)

  4. #4
    risoknop (SitePoint Guru)
    Join Date
    Feb 2008
    Location
    end($world)
    Posts
    834
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I wrote a few articles about security-related issues:

    Password hashes and salts
    User login and authentication with Zend_Auth and Zend_Acl

    I am also planning to write an article on session fixation and XSS in the future, and especially on how to fight them in Zend Framework applications.

  5. #5
    Aleksejs (secure webapps for all)

  6. #6
    Aleksejs (secure webapps for all)
    SecurityTube - Presentations on security from various conferences.

  7. #7
    Aleksejs (secure webapps for all)

  8. #8
    logic_earth (shoooo...)
    Join Date
    Oct 2005
    Location
    CA
    Posts
    9,013
    Mentioned
    8 Post(s)
    Tagged
    0 Thread(s)
    Uses ASP.NET for the examples, but the concepts are language-independent. (Almost 1,000 pages of content, for free no less!)

    Microsoft - Improving Web Application Security: Threats and Countermeasures (PDF here)

    Another; again its focus is ASP.NET, but the concepts are independent.
    Building Secure ASP.NET Applications: Authentication, Authorization, and Secure Communication (PDF here)
    Logic without the fatal effects.
    All code snippets are licensed under WTFPL.


  9. #9
    Aleksejs (secure webapps for all)

  10. #10
    Aleksejs (secure webapps for all)
    Last edited by ScallioXTX; May 8, 2011 at 09:00.

  11. #11
    Aleksejs (secure webapps for all)

  12. #12
    Aleksejs (secure webapps for all)
    Weaning the Web off of Session Cookies: Making Digest Authentication Viable, by Timothy D. Morgan
    Abstract
    In this paper, we compare the security weaknesses and usability limitations of both cookie-based session management and HTTP digest authentication, demonstrating how digest authentication is clearly the more secure system in practice. We propose several small changes in browser behavior and HTTP standards that will make HTTP authentication schemes, such as digest authentication, a viable option in future application development.
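
To make the abstract's comparison concrete, the following is an added PHP example (not code from the paper or the post) of one digest exchange with both sides in a single script: the server stores only HA1 and issues a nonce, the client derives the RFC 2617 response with qop=auth, and the server verifies it against the request it actually received and the nonce count. REALM, the users array and the nonce store are made up for the demo.

```php
<?php
// Added example, not code from the paper or the post: one RFC 2617 digest
// exchange with both sides in a single script. REALM, the users array and
// the nonce store are made up for the demo.
declare(strict_types=1);

const REALM = 'example.org';

// The server stores only HA1 = md5(user:realm:password), never the password.
// (HA1 is still an MD5 value bound to this realm; it is not a modern hash.)
function make_ha1(string $user, string $password): string
{
    return md5($user . ':' . REALM . ':' . $password);
}
$users = ['alice' => make_ha1('alice', 'correct horse battery staple')];

// Server state: nonces it issued and the highest nonce count (nc) seen under
// each, so a captured Authorization header cannot simply be replayed.
$issuedNonces = [];

function server_challenge(array &$issuedNonces): string
{
    $nonce = bin2hex(random_bytes(16));
    $issuedNonces[$nonce] = 0;
    return sprintf('Digest realm="%s", qop="auth", nonce="%s", algorithm=MD5', REALM, $nonce);
}

// Client side: derive the response for one request from the challenge. The
// password only ever enters md5(); it is never put on the wire.
function client_authorize(string $user, string $password, string $method, string $uri,
                          string $nonce, int $nc, string $cnonce): string
{
    $ha1   = make_ha1($user, $password);
    $ha2   = md5($method . ':' . $uri);
    $ncHex = sprintf('%08x', $nc);
    $response = md5("$ha1:$nonce:$ncHex:$cnonce:auth:$ha2");
    return sprintf(
        'Digest username="%s", realm="%s", nonce="%s", uri="%s", qop=auth, nc=%s, cnonce="%s", response="%s"',
        $user, REALM, $nonce, $uri, $ncHex, $cnonce, $response
    );
}

// Server side: parse the header, recompute the expected response from the
// stored HA1 and the request actually received, and enforce nonce and nc.
function server_verify(string $authHeader, string $method, string $uri,
                       array $users, array &$issuedNonces): bool
{
    if (!preg_match_all('/(\w+)=(?:"([^"]*)"|([^\s,]+))/', $authHeader, $m, PREG_SET_ORDER)) {
        return false;
    }
    $p = [];
    foreach ($m as $kv) {
        $p[$kv[1]] = $kv[2] !== '' ? $kv[2] : ($kv[3] ?? '');
    }
    foreach (['username', 'realm', 'nonce', 'uri', 'nc', 'cnonce', 'qop', 'response'] as $field) {
        if (!isset($p[$field])) {
            return false;
        }
    }
    // The uri in the header must be the one requested, or a response computed
    // for one resource could be presented for another.
    if ($p['realm'] !== REALM || $p['qop'] !== 'auth' || $p['uri'] !== $uri) {
        return false;
    }
    if (!isset($issuedNonces[$p['nonce']]) || !isset($users[$p['username']])) {
        return false;
    }
    $nc = (int) hexdec($p['nc']);
    if ($nc <= $issuedNonces[$p['nonce']]) {
        return false;   // nc did not increase: replay of an earlier request
    }
    $ha2      = md5($method . ':' . $uri);
    $expected = md5($users[$p['username']] . ':' . $p['nonce'] . ':' . $p['nc'] . ':'
                    . $p['cnonce'] . ':auth:' . $ha2);
    if (!hash_equals($expected, $p['response'])) {
        return false;
    }
    $issuedNonces[$p['nonce']] = $nc;
    return true;
}

// Demo: a challenge, a fresh request under it, the same header sent again,
// and the same header presented for a different resource.
$challenge = server_challenge($issuedNonces);
preg_match('/nonce="([^"]+)"/', $challenge, $nm);
$nonce  = $nm[1];
$cnonce = bin2hex(random_bytes(8));

$auth = client_authorize('alice', 'correct horse battery staple', 'GET', '/account', $nonce, 1, $cnonce);
var_dump(server_verify($auth, 'GET', '/account', $users, $issuedNonces));  // fresh request
var_dump(server_verify($auth, 'GET', '/account', $users, $issuedNonces));  // header replayed, nc unchanged
var_dump(server_verify($auth, 'GET', '/admin',   $users, $issuedNonces));  // header presented for another uri
```

The three verify calls at the end show what the bare scheme gives you: the password never crosses the wire, a captured header is useless once its nc has been seen, and a response is bound to the method and URI it was computed for. The scheme is still MD5-based and tells the client nothing about who the server is; the abstract's proposed browser and HTTP changes are about making it usable as it stands, not about fixing those properties.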

  13. #13

  14. #14
    whitebelt (SitePoint Enthusiast)
    Join Date
    Oct 2006
    Posts
    59
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    This thread would be greatly improved if those in the know could supply SitePoint fans with a long list of reputable web security companies or programmers we may hire in order to secure or fix our sites.

    All this info is good. But if you run a business and don't know how to program, you should have a list of security experts you can hire to secure your business' website.

    Can anyone compile this kind of list here?
    Whitebelt,
    website owner

  15. #15
    SitePoint Wizard
    Join Date
    Mar 2008
    Posts
    1,149
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Here is the updated link to my PHP security checklist:
    http://www.sk89q.com/2009/08/definit...ity-checklist/
    (The domain changed abruptly last November.)

    (invision2 reminded me about it in one of his posts.)

  16. #16
    Aleksejs (secure webapps for all)
    sk89q, LOL just came here to post that very same link of yours

    phpGACL - Generic Access Control Lists
    Summary:
    A PHP class offering Web developers a simple, yet immensely powerful "drop in" permission system to their current Web based applications.
    P.S. Thank you Admins for pinning this topic

  17. #17

  18. #18
    Aleksejs (secure webapps for all)

  19. #19
    Aleksejs (secure webapps for all)
    Qualys is offering anyone their product QualysGuard:
    Thousands of web sites are infected with malware daily, propagating the infection to visitors of their web sites at an increasing speed. To combat these threats, QualysGuard® Malware Detection is a FREE service that proactively scans web sites of any size, anywhere in the world for malware infections and threats. QualysGuard Malware Detection provides businesses with automated alerts and in-depth reporting for effective remediation of identified malware to help businesses protect their web sites and web site visitors from malware.
    http://qualysguard.net/forms/trials/stopmalware/
    More info:
    http://qualysguard.net/products/qg_s...are_detection/

    It should give you an early warning if your website is hacked.

    @pilotjourney - I think you can check out their blog: http://blog.websecurify.com/ and About page, which leads to: www.gnucitizen.org

  20. #20
    Aleksejs (secure webapps for all)
    PHP Security Poster - Sektion Eins (German version available as well)

  21. #21
    Aleksejs (secure webapps for all)

  22. #22
    Aleksejs (secure webapps for all)
    NSDECODER
    NSDECODER is an automated website malware detection tool. It can decode and analyze a website and detect malware. Also, NSDECODER will report which vulnerabilities have been exploited, and will show the original source address of the malware.

  23. #23
    Aleksejs (secure webapps for all)
    Top 10 Open Source Web Application Firewalls (WAF) for WebApp Security
    Web application firewalls provide security at the application layer. Essentially, a WAF provides all your web applications with a secure solution that ensures the data and web applications are safe.

    A web application firewall applies a set of rules to an HTTP conversation to identify and restrict attacks such as cross-site scripting, SQL injection, etc. You can also get web application frameworks and web-based commercial tools for providing security to web applications. Web application firewalls allow you to customise the rules by identifying and blocking malicious content.
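
As an added example, not code from the linked article, here is a toy version of the rule matching described above in PHP, run over a few constructed query strings. RULES and its two patterns are illustrative, not a real ruleset; what it shows beyond the paragraph is that the rules have to be applied to a normalised value (URL-decoded until stable, entity-decoded, case-folded) or a double-encoded payload slips past.

```php
<?php
// Added example, not code from the linked article: a toy rule engine of the
// kind a WAF runs, applied to constructed query strings. RULES is illustrative,
// not a real ruleset.
declare(strict_types=1);

// Each rule: an id, a pattern applied to the normalised value of every
// parameter, and the attack class a match indicates.
const RULES = [
    ['id' => 'xss-1',  'class' => 'XSS',
     'pattern' => '/<\s*script\b|javascript\s*:|\bon\w+\s*=/i'],
    ['id' => 'sqli-1', 'class' => 'SQLi',
     'pattern' => '/(\'|")\s*(or|and)\s+[\w\'"]+\s*=\s*[\w\'"]+|union\s+(all\s+)?select\b|--\s|\/\*/i'],
];

// Normalise before matching: keep URL-decoding until the value stops changing
// (double encoding is a classic bypass), decode HTML entities (accepting some
// false positives), fold case and collapse whitespace. Rules then see roughly
// what the application will see, which is the only thing worth matching on.
function normalise(string $value): string
{
    for ($i = 0; $i < 3; $i++) {
        $decoded = urldecode($value);
        if ($decoded === $value) {
            break;
        }
        $value = $decoded;
    }
    $value = html_entity_decode($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return preg_replace('/\s+/', ' ', strtolower($value));
}

// Inspect the query string and form body of one request; returns findings,
// empty when nothing matched. A real WAF would also look at headers, cookies,
// the path and JSON bodies.
function inspect(string $query, string $body = ''): array
{
    $findings = [];
    parse_str($query, $q);   // first decode, as PHP itself would do
    parse_str($body, $b);
    foreach (['query' => $q, 'body' => $b] as $where => $params) {
        foreach ($params as $name => $raw) {
            if (!is_string($raw)) {
                continue;    // nested arrays skipped for brevity
            }
            $value = normalise($raw);
            foreach (RULES as $rule) {
                if (preg_match($rule['pattern'], $value) === 1) {
                    $findings[] = sprintf('%s in %s[%s] (rule %s)', $rule['class'], $where, $name, $rule['id']);
                }
            }
        }
    }
    return $findings;
}

// Constructed requests: one benign, one plain payload, one double-encoded,
// one with mixed case, one SQL injection in a form body.
$requests = [
    'benign search'   => ['q=security+patterns&page=2', ''],
    'plain xss'       => ['q=%3Cscript%3Ealert(1)%3C%2Fscript%3E', ''],
    'double-encoded'  => ['q=%253Cscript%253Ealert(1)%253C%252Fscript%253E', ''],
    'mixed case'      => ['q=%3CScRiPt%3E', ''],
    'sqli in body'    => ['', "user=admin&pass=x'+OR+'1'%3D'1"],
];
foreach ($requests as $label => [$query, $body]) {
    $hits = inspect($query, $body);
    printf("%-15s %s\n", $label, $hits ? implode('; ', $hits) : 'no rule matched');
}
```

Replace the loop in normalise() with a single urldecode() and the double-encoded request passes unmatched, which is exactly the gap encoding-based bypasses exploit. The flip side is that a WAF that decodes more aggressively than the application behind it flags input the application would have treated as harmless text, which is why the rules are there to be tuned rather than dropped in as-is.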

  24. #24

  25. #25
    Aleksejs (secure webapps for all)

