16 items | 190 visits
Links that came up during Security Innovations training course and other research
Updated on Jul 23, 08
Created on Jul 22, 08
Category: Computers & Internet
URL:
These are the guys teaching the course on Defensive Web Programming
Paros is for people who need to evaluate the security of their web applications. It is a proxy that allows you to intercept and modify all HTTP and HTTPS data for the purposes of testing.
ASP.NET forum post announcing the Anti-Cross Site Scripting (XSS) library from Microsoft, with links to download and documentation
OWASP CSRF Guard - protects a web application from Cross-Site Request Forgery attacks through the use of a unique random request token...
This URL is blocked by the Xerox proxy... but it's the home of the napkin app shown during class on Tuesday.
A web-based alternative to Napkin for encoding strings...
The Reform library provides a solid set of functions for encoding output for the most common context targets in web applications (e.g. HTML, XML, JavaScript, etc). The library also takes a conservative view of what are allowable characters based on historical vulnerabilities, and current injection techniques.
Holodeck - allows you to simulate faults like out-of-memory, high latency, etc., and in general take full control over a simulated Windows and .NET API environment to test your applications.
The vulnerability scanning program is an integral part of the information security risk assessment process. Scans are conducted against environmental components: servers (OS), databases, and web applications. Vulnerability scanning may be conducted from an internal or external location to identify weaknesses within the environment and mitigate against them before they can be exploited.