Aleksejs (Author) Posted January 27, 2010
Weaning the Web off of Session Cookies: Making Digest Authentication Viable, by Timothy D. Morgan. Abstract: In this paper, we compare the security weaknesses and usability limitations of both cookie-based session management and HTTP digest authentication; demonstrating how digest authentication is clearly the more secure system in practice. We propose several small changes in browser behavior and HTTP standards that will make HTTP authentication schemes, such as digest authentication, a viable option in future application development.
Aleksejs (Author) Posted February 10, 2010
Imperva's glossary of data security and compliance terms
Aleksejs (Author) Posted February 11, 2010
Also worth highlighting in particular: OWASP Guide to Building Secure Web Applications and Web Services
Gints Plivna Posted February 19, 2010
The 25 most dangerous programming errors
2easy Posted February 20, 2010
Only that VID "hole" was "by design" :D:D:D
Aleksejs (Author) Posted February 20, 2010
As I already tweeted in the context of this very MITRE list that Gints mentioned: the EDS hole shows the signs of these errors: CWE-285; CWE-306; CWE-732
http://cwe.mitre.org/top25/ - this year's top 25 errors
Aleksejs (Author) Posted March 29, 2010
I just noticed a security problem scanner: WebSecurify
Here are two articles about it:
Before You Go Live, Test Your Website Security With Websecurify
WebSecurify – Finds Out Your Sites’ Vulnerabilities
Of course, no tool will replace experience and common sense ;)
Aleksejs (Author) Posted March 29, 2010
An interesting topic, especially relevant precisely because of the growth of "clouds": Host-proof Hosting
It is also described in more detail here: Host-proof applications: doing it wrong
and an example of such an application is described here: cryp.sr - a minimal host-proof cryptographic textpad
The application itself: http://cryp.sr/ A host-proof cryptographic text pad.
Those who liked "Stateless session cookies" will like it ;)
Aleksejs (Author) Posted April 10, 2010
Definitive PHP security checklist
Aleksejs (Author) Posted April 10, 2010
phpGACL - Generic Access Control Lists
Summary: A PHP class offering Web developers a simple, yet immensely powerful "drop in" permission system to their current Web based applications.
Aleksejs (Author) Posted May 21, 2010
Securing PHP step-by-step
Aleksejs (Author) Posted August 18, 2010
Application Security Logging
Aleksejs (Author) Posted September 9, 2010
PHP Security Poster - Sektion Eins - an A0 !!! size poster :)
Aleksejs (Author) Posted October 1, 2010
HTML5 Security Cheatsheet
Aleksejs (Author) Posted July 5, 2011
RIPS is a static source code analyser for vulnerabilities in PHP web applications. It was released during the Month of PHP Security.
A short article about this tool: toolsmith: RIPS - PHP static code analyzer
At the bottom there is a link to a longer article in PDF format: RIPS: A static source code analyser for vulnerabilities in PHP scripts