Free Book on Building Secure Web Applications
The Open Web Application Security Project (OWASP.org) has written and published a free 293-page book detailing how to build and develop Secure Web Applications. This guide carefully explains many common web security issues, such as cross-site scripting and SQL injection vulnerabilities. It provides information about securing most forms of web applications and services, along with real-world guidance using J2EE, ASP.NET, and PHP samples. It also discusses Microsoft's Threat Risk Modeling strategy, as well as several other security methodologies, such as Trike, CVSS, AS4360, and Octave. Here is a zip download of the guide. OWASP also provides some excellent Web Security Presentations and Web Security Papers.
A Guide to Building Secure Web Applications and Web Services (3.1mb, pdf format)
Table of Contents
- About The Open Web Application Security Project
- Introduction
- What Are Web Applications?
- Security Architecture And Design
- Secure Coding Principles
- Threat Risk Modeling
- Handling E-Commerce Payments
- Phishing
- Web Services
- Authentication
- Authorization
- Session Management
- Data Validation
- Interpreter Injection
- Canonicalization, Locale And Unicode
- Error Handling, Auditing And Logging
- File System
- Buffer Overflows
- Administrative Interfaces
- Cryptography
- Configuration
- Maintenance
- Denial Of Service Attacks
- GNU Free Documentation License
- PHP Guidelines
- Cheat Sheets