dna88 Web development and Technology Forum
 
Prelude to building a secure web application

 
quantum
Site Admin


Joined: 07 Mar 2004
Posts: 1048
Location: Dhaka, Bangladesh

Post subject: Prelude to building a secure web application

There has been some discussion on building a secure log in system. I will probably start a new thread on that as soon as time allows. Before that I request that everyone interested in security on the web download and read this document carefully.

It includes:

An Overview – describing what web applications and web services are.

How Much Security Do You Really Need? – explaining how to assess the security need and perform risk assessments.

Security Guidelines – A set of high level principles that all applications should adhere to.

Architecture – Discussion on how architecture considerations can ensure security where it's needed.

Authentication – Describes the different types of authentication possible and the common problems.

Session Management – Describes the right way to manage sessions and generate session tokens.

Access Control – Describes access control concepts

Event Logging – Describes what to log and how to log user and system events

Data Validation – Describes strategies for dealing with unexpected input and what you need to block

Common Problems – Describes problems like cross site scripting and SQL Injection and offers practical advice on how to stop them cold.

Privacy – Discusses privacy issues that may face your application.

Cryptography – How to use cryptography and describes some common mistakes.

Download the security guide by OWASP.
Web application security

Also read this:
Secure Programming Techniques

Quote:
Editor's note: In this first installment in a multipart series of excerpts from Practical Unix & Internet Security, 3rd Edition, you'll find tips and general design principles to code by that will help you avoid security-related bugs. Over the next few weeks, we'll offer additional tips on topics ranging from writing network programs to writing SUID/SGID programs to using passwords to generating random numbers; all from Chapter 16 on "Secure Programming Techniques."


And this FTP link:

ftp://ftp.auscert.org.au/pub/auscert/papers/secure_programming_checklist
_________________

Dust fills my eyes / Clouds roll by / and I roll with them / Centuries cry / Orders fly / and I fall again
Afford best design, implement best solution. Outsource your web design.


Last edited by quantum on Tue Nov 02, 04 7:11 am; edited 1 time in total
Sat Oct 16, 04 12:10 pm
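The post above lists the guide's chapters on session management, data validation and the common problems (SQL injection, cross site scripting). As an added illustration of those three points in one small login flow, here is a Python sketch; it is not code from the post, from the OWASP guide or from the linked articles. It uses an in-memory SQLite database constructed inline as a stand-in for the application's user table, and all function names and the table layout are hypothetical.

```python
import hashlib
import hmac
import html
import re
import secrets
import sqlite3

# Constructed in-memory stand-in for the application's database (hypothetical schema).
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB)")
    conn.execute("CREATE TABLE sessions (token TEXT PRIMARY KEY, username TEXT)")
    return conn

# Data validation: allow-list the shape of a username rather than trying to block
# individual bad characters.
USERNAME_RE = re.compile(r"[A-Za-z0-9_]{3,32}")

def valid_username(username):
    return USERNAME_RE.fullmatch(username) is not None

def hash_password(password, salt):
    # Salted, deliberately slow hash so a leaked table does not reveal passwords directly.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)

def register(conn, username, password):
    if not valid_username(username):
        return False
    salt = secrets.token_bytes(16)
    conn.execute("INSERT INTO users VALUES (?, ?, ?)",
                 (username, salt, hash_password(password, salt)))
    return True

def login(conn, username, password):
    # Parameterised query: the driver binds the value, so a quote in the input is data,
    # never SQL syntax. Returns a fresh session token, or None on failure.
    row = conn.execute("SELECT salt, pw_hash FROM users WHERE username = ?",
                       (username,)).fetchone()
    if row is None:
        return None
    salt, stored = row
    if not hmac.compare_digest(stored, hash_password(password, salt)):
        return None
    # Session management: 256 bits from the OS CSPRNG, not derived from the user id,
    # the clock or a counter, so the token cannot be guessed or predicted.
    token = secrets.token_urlsafe(32)
    conn.execute("INSERT INTO sessions VALUES (?, ?)", (token, username))
    return token

def user_for_token(conn, token):
    row = conn.execute("SELECT username FROM sessions WHERE token = ?",
                       (token,)).fetchone()
    return row[0] if row else None

def logout(conn, token):
    # Server-side invalidation: once deleted, a token is useless even if it leaks later.
    conn.execute("DELETE FROM sessions WHERE token = ?", (token,))

def greeting_html(username):
    # Output encoding against cross site scripting: user data is escaped for the HTML
    # context it is written into, regardless of what validation let through.
    return "<p>Welcome, " + html.escape(username, quote=True) + "</p>"

if __name__ == "__main__":
    db = make_db()
    register(db, "alice", "correct horse battery")
    tok = login(db, "alice", "correct horse battery")
    print(user_for_token(db, tok), greeting_html("<b>alice</b>"))
```

The three defences are independent: the allow-list limits what reaches the database, the bound parameter keeps whatever does reach it from altering the query, and the escape at output time protects the page even for data that came from somewhere other than this form.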
emm
Power User


Joined: 13 Jul 2004
Posts: 310


The onlamp site does not look relevant to me. But the Guide is good. I was a little confused at first on how to download it. So here is a better link.

http://sourceforge.net/project/showfiles.php?group_id=64424&package_id=62287&release_id=251946
_________________
“You might say reality is the result of complex negotiations between the observer and the observed. But that is simply a point of view…”
Digital Bangladesh
Sat Oct 16, 04 11:11 pm