Wednesday, 24 September 2008

OWASP Top Ten 2007 Most Critical Web Application Security Vulnerabilities

A1. Cross Site Scripting (XSS)

A2. Injection Flaws

A3. Malicious File Execution

A4. Insecure Direct Object Reference

A5. Cross Site Request Forgery (CSRF)

A6. Information Leakage and Improper Error Handling

A7. Broken Authentication and Session Management

A8. Insecure Cryptographic Storage

A9. Insecure Communications

A10. Failure to Restrict URL Access
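As an added illustration of item A2 (Injection Flaws), the following Python example is not part of the original post or of the OWASP document it summarises. It builds a constructed in-memory SQLite table, shows a login check that splices user input into the SQL text, demonstrates the classic `' OR '1'='1` and `--` comment bypasses against it, and then shows the same check written with a parameterised query, which the bypass does not affect. Table, user names and passwords are invented for the example.

```python
import sqlite3


def make_db():
    """Constructed sample data for the example (not from the original page)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct horse')")
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """A2 Injection Flaw: untrusted input is concatenated into the SQL text.

    Because the values become part of the statement, a quote character in
    the password lets the attacker rewrite the WHERE clause.
    """
    sql = (
        "SELECT COUNT(*) FROM users WHERE username = '%s' AND password = '%s'"
        % (username, password)
    )
    return conn.execute(sql).fetchone()[0] > 0


def login_safe(conn, username, password):
    """Fix: a parameterised query.

    The SQL text is fixed; the driver passes the values separately, so a
    quote in the input is just data and can never change the query's structure.
    """
    sql = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone()[0] > 0


def demo():
    """Run both checks with a valid login and two injection payloads."""
    conn = make_db()
    # "' OR '1'='1" turns the clause into: ... AND password = '' OR '1'='1'
    # "alice' --" comments out the password check entirely (SQLite honours --).
    payloads = [
        ("alice", "correct horse"),   # legitimate credentials
        ("alice", "' OR '1'='1"),     # tautology injection via the password
        ("alice' --", "wrong"),       # comment injection via the username
    ]
    results = {}
    for user, pw in payloads:
        results[(user, pw)] = (
            login_vulnerable(conn, user, pw),
            login_safe(conn, user, pw),
        )
    return results


if __name__ == "__main__":
    for (user, pw), (vuln, safe) in demo().items():
        print(f"{user!r:14} {pw!r:16} vulnerable={vuln!s:5} safe={safe}")
```

Running it shows the vulnerable function accepting all three inputs while the parameterised version accepts only the real credentials. The same pattern applies to any driver that supports placeholders; string-escaping helpers are a weaker substitute because they depend on knowing the exact quoting rules of the target database.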


Resources

Books
• [ALS1] Alshanetsky, I., "php|architect's Guide to PHP Security", ISBN 0973862106
• [BAI1] Baier, D., "Developing More Secure ASP.NET 2.0 Applications", Microsoft Press, ISBN 978-0-7356-2331-6
• [GAL1] Gallagher, T., Landauer, L., Jeffries, B., "Hunting Security Bugs", Microsoft Press, ISBN 073562187X
• [GRO1] Fogie, S., Grossman, J., Hansen, R., Rager, A., "XSS Attacks: Cross Site Scripting Exploits and Defense", Syngress, ISBN 1597491543
• [HOW1] Howard, M., Lipner, S., "The Security Development Lifecycle", Microsoft Press, ISBN 0735622140
• [SCH1] Ferguson, N., Schneier, B., "Practical Cryptography", Wiley, ISBN 047122894X
• [SHI1] Shiflett, C., "Essential PHP Security", O'Reilly, ISBN 059600656X
• [WYS1] Wysopal, C., et al., "The Art of Software Security Testing: Identifying Software Security Flaws", Addison-Wesley, ISBN 0321304861

Web Sites

• OWASP, http://www.owasp.org

• MITRE, Common Weakness Enumeration – Vulnerability Trends, http://cwe.mitre.org/documents/vuln-trends.html

• Web Application Security Consortium, http://www.webappsec.org

• SANS Top 20, http://www.sans.org/top20/

• PCI Security Standards Council, publishers of the PCI standards, relevant to all organizations processing or holding credit card data, https://www.pcisecuritystandards.org/

• PCI DSS v1.1, https://www.pcisecuritystandards.org/pdfs/pci_dss_v1-1.pdf

• Build Security In, US CERT, https://buildsecurityin.us-cert.gov/daisy/bsi/home.html

• Microsoft Source Code Analyzer for SQL Injection, a static analysis tool for finding SQL injection vulnerabilities in classic ASP code, http://support.microsoft.com/kb/954476

• Application Architecture for .NET: Designing Applications and Services http://msdn.microsoft.com/en-us/library/ms978357.aspx

• ASP.NET Security Architecture http://msdn.microsoft.com/en-us/library/yedba920.aspx

• Building Secure ASP.NET Applications: Authentication, Authorization, and Secure Communication http://msdn.microsoft.com/en-us/library/aa302415.aspx

• .NET Security for Architects http://www.owasp.org/index.php/.NET_Security_for_Architects

• .NET Security for Developers http://www.owasp.org/index.php/.NET_Security_for_Developers
