10.9. Web Application Security Resources

Web security is not easy because it requires knowledge of many different systems and technologies. The resources listed here are only the tip of the iceberg.

10.9.1. General Resources

  • HTTP: The Definitive Guide by David Gourley and Brian Totty (O'Reilly)

  • RFC 2616, "Hypertext Transfer Protocol HTTP/1.1" (http://www.ietf.org/rfc/rfc2616.txt)

  • HTML 4.01 Specification (http://www.w3.org/TR/html401/)

  • JavaScript Central (http://devedge.netscape.com/central/javascript/)

  • ECMAScript Language Specification (http://www.ecma-international.org/publications/files/ecma-st/ECMA-262.pdf)

  • ECMAScript Components Specification (http://www.ecma-international.org/publications/files/ecma-st/ECMA-290.pdf)

For anyone wanting to seriously explore web security, a fair knowledge of the components that make up web applications (e.g., database systems) is also necessary.

10.9.2. Web Application Security Resources

Web application security is a young discipline. Few books cover the subject in depth. Researchers everywhere, including individuals and company employees, regularly publish papers that show old problems in a new light.

  • Hacking Exposed: Web Applications by Joel Scambray and Mike Shema (McGraw-Hill/Osborne)

  • Hack Notes: Web Security Portable Reference by Mike Shema (McGraw-Hill/Osborne)

  • PHP Security by Chris Shiflett (O'Reilly)

  • Open Web Application Security Project (http://www.owasp.org)

  • "Guide to Building Secure Web Applications" by OWASP (http://www.owasp.org/documentation/guide.html)

  • SecurityFocus Web Application Security Mailing List (webappsec@securityfocus.com) (http://www.securityfocus.com/archive/107)

  • WebGoat (http://www.owasp.org/software/webgoat.html) (also discussed in Appendix A)

  • WebMaven (http://webmaven.mavensecurity.com/) (also discussed in Appendix A)

  • SecurityFocus (http://www.securityfocus.com)

  • CGISecurity (http://www.cgisecurity.com)

  • Web Application Security Consortium (http://www.webappsec.org)

  • Web Security Threat Classification (http://www.webappsec.org/threat.html)

  • ModSecurity Resource Center (http://www.modsecurity.org/db/resources/)

  • Web Security Blog (http://www.modsecurity.org/blog/)

  • The World Wide Web Security FAQ (http://www.w3.org/Security/Faq/)


    Apache Security
    ISBN: 0596007248
    Year: 2005
    Pages: 114
    Authors: Ivan Ristic