  1. #1
    SitePoint Wizard nofel's Avatar
    Join Date
    Aug 2007
    Location
    Earth
    Posts
    1,766
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)

    Need to learn security and

    hey folks,
    I had been working on a web app, and security of that web app is handed to someone. But when the testing part comes I wanna be ready. So I wanted to know where to start and where to be guru of it, coz I can see if the security of that web app is foolproof or not.
    All those who wander aren't lost.

  2. #2
    SitePoint Evangelist smftre's Avatar
    Join Date
    Dec 2008
    Location
    London
    Posts
    434
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Now that is a heck of a question!

    In order to be a "guru" of web security, you will need "experience" building up towards becoming that "guru".

    Web security and ethical hacking/penetration testing is not something you can fully understand after reading 1 or 2 PDFs, etc.

    Go check out penetration testing techniques and the like. There are the top few ways of securing your code on the web; these include XSS and SQL injections mainly. Most of the time the rest is quite strongly based around the environment the site lives on.
    Statvoo.com The Website Traffic Monitor
    The best way to monitor traffic to your sites for free!


    Web Development London UK We make web 3.0 applications

  3. #3
    SitePoint Wizard nofel's Avatar
    Join Date
    Aug 2007
    Location
    Earth
    Posts
    1,766
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    Ah, finally someone stood up and answered my post. Thanks, man!
    All those who wander aren't lost.

  4. #4
    SitePoint Evangelist smftre's Avatar
    Join Date
    Dec 2008
    Location
    London
    Posts
    434
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Haha, no problem.

  5. #5
    SitePoint Enthusiast
    Join Date
    Jul 2007
    Location
    USA
    Posts
    53
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Quote: Originally posted by emaarkhan
    hey folks,
    I had been working on a web app, and security of that web app is handed to someone. But when the testing part comes I wanna be ready. So I wanted to know where to start and where to be guru of it, coz I can see if the security of that web app is foolproof or not.

    Sure, you could do this double-check yourself, but I would recommend outsourcing that task to a vendor who can perform the web application security testing, give you a report, and maybe assist with remediation. If you want to make a go of it yourself, take a look at this list of potential software products that you can pick from:

    http://projects.webappsec.org/Web-Ap...y-Scanner-List

    I was going to say Qualys before I saw it was on this list, but the truth is you have a lot of options from Apache mod_security (see modsecurity.org) to simply getting on your coders to use more secure coding techniques.

    Microsoft has a pretty good writeup for ASP.NET and web app security.
    http://msdn.microsoft.com/en-us/library/ms994921.aspx

    To study up further on this topic, check out the Open Web Application Security Project (see owasp.org), and the Web Application Security Consortium (see webappsec.org). Curious to see more posts from you describing what you've learned. Thanks!

  6. #6
    secure webapps for all Aleksejs's Avatar
    Join Date
    Apr 2008
    Location
    Riga, Latvia
    Posts
    755
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

  7. #7
    SitePoint Enthusiast
    Join Date
    Jul 2007
    Posts
    44
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    http://www.owas.org is an excellent resource for web application security.

    There are a lot of tools, both open source and commercial, that will allow you to test the security of a web application; however, it is a must that you understand what those tools are doing to understand the results.

    Check out a project from Google for learning web application security over here -> http://google-gruyere.appspot.com/

  8. #8
    secure webapps for all Aleksejs's Avatar
    Join Date
    Apr 2008
    Location
    Riga, Latvia
    Posts
    755
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I think you meant www.owasp.org (~;

  9. #9
    SitePoint Enthusiast
    Join Date
    Jul 2007
    Posts
    44
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Aleksejs, I think you are correct!

    That's http://www.owasp.org - The Open Web Application Security Project (OWASP) is a 501c3 not-for-profit worldwide charitable organization focused on improving the security of application software.

  10. #10
    SitePoint Wizard nofel's Avatar
    Join Date
    Aug 2007
    Location
    Earth
    Posts
    1,766
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    Thank you folks for such wonderful feedback. Actually I wanna learn it myself rather than hand it over to another person/outsource, because I wanna upgrade my skills in web, so I thought why not "web security".
    All those who wander aren't lost.

