16 items | 190 visits
Links that came up during Security Innovations training course and other research
Updated on Jul 23, 08
Created on Jul 22, 08
Category: Computers & Internet
URL:
Joel Bennett's List: Defensive Web Programming
-
Jul 22, 08
These are the guys teaching the courst on Defensive Web Programming
-
Jul 22, 08
Paros is for people who need to evaluate the security of their web applications. Which is a proxy that allows you to intercept and modify all HTTP and HTTPS data for the purposes of testing.
- This is the app the Security Innovations guys recommended as a way to do website testing... - Joel Bennett on 2008-07-22
-
Jul 22, 08
Asp.Net forum post announcing the Anti-Cross Site Scripting (XSS) library from Microsoft, with links to downloa.d and documentation
-
Cross-site scripting (XSS) attacks exploit vulnerabilities in Web-based applications that fail to properly validate and/or encode input that is embedded in response data. Malicious users can then inject client-side script into response data causing the unsuspecting user's browser to execute the script code. The script code will appear to have originated from a trusted-site and may be able to bypass browser protection mechanisms such as security zones.
-
-
Jul 22, 08
OWASP CSRF Guard - protects a web application from Cross-Site Request Forgery attacks through the use of a unique random request token...
-
Jul 23, 08
This URL is blocked by the Xerox proxy... but it's the home of the napkin app shown during class on Tuesday.
-
Jul 23, 08
A web-based alternative to Napkin for encoding strings...
-
Jul 23, 08
The Reform library provides a solid set of functions for encoding output for the most common context targets in web applications (e.g. HTML, XML, JavaScript, etc). The library also takes a conservative view of what are allowable characters based on historical vulnerabilities, and current injection techniques.
-
Jul 23, 08
Holodeck - allows you to simulate faults like out-of-memory, high latency, etc, and in geneal take full control over a simulated windows and .net API environment to test your applications.
-
-
-
-
Jul 23, 08
The vulnerability scanning program is an integral part of the information security risk assessment process. Scans are conducted against environmental components: servers (OS), databases, and web applications. Vulnerability scanning may be conducted from an internal or external location to identify weaknesses within the environment and mitigate against them before they can be exploited.
-
-
1 - 16 of 16
20 items/page
List Comments
(0)
List Info