Aleksejs (thread author), posted January 27, 2010:
Weaning the Web off of Session Cookies: Making Digest Authentication Viable, by Timothy D. Morgan. Abstract: In this paper, we compare the security weaknesses and usability limitations of both cookie-based session management and HTTP digest authentication, demonstrating how digest authentication is clearly the more secure system in practice. We propose several small changes in browser behavior and HTTP standards that will make HTTP authentication schemes, such as digest authentication, a viable option in future application development.
Aleksejs (thread author), posted February 10, 2010:
Imperva's glossary of data security and compliance terms
Aleksejs (thread author), posted February 11, 2010:
Worth singling out in particular: OWASP Guide to Building Secure Web Applications and Web Services
Gints Plivna, posted February 19, 2010:
The 25 most dangerous programming errors
2easy, posted February 20, 2010:
Except that the VID "hole" was "by design" :D:D:D
Aleksejs (thread author), posted February 20, 2010:
As I already tweeted, precisely in the context of the MITRE list Gints mentioned: the EDS hole shows the characteristics of these errors: CWE-285; CWE-306; CWE-732. http://cwe.mitre.org/top25/ - this year's top 25 errors
Aleksejs (thread author), posted March 29, 2010:
Just noticed a security scanner: WebSecurify. Here are two articles about it: Before You Go Live, Test Your Website Security With Websecurify; WebSecurify – Finds Out Your Sites' Vulnerabilities. Of course, no tool replaces experience and common sense ;)
Aleksejs (thread author), posted March 29, 2010:
An interesting topic, especially relevant now because of the growth of the "cloud": Host-proof Hosting. Described in more detail here as well: Host-proof applications: doing it wrong, and an example of such an application is described here: cryp.sr - a minimal host-proof cryptographic textpad. The application itself: http://cryp.sr/ - A host-proof cryptographic text pad. Those who liked "Stateless session cookies" will like this ;)
Aleksejs (thread author), posted April 10, 2010:
Definitive PHP security checklist
Aleksejs (thread author), posted April 10, 2010:
phpGACL - Generic Access Control Lists. Summary: A PHP class offering Web developers a simple, yet immensely powerful "drop in" permission system for their current Web based applications.
Aleksejs (thread author), posted August 18, 2010:
Application Security Logging
Aleksejs (thread author), posted September 9, 2010:
PHP Security Poster - Sektion Eins - an A0-size poster !!! :)
Aleksejs (thread author), posted July 5, 2011:
RIPS is a static source code analyser for vulnerabilities in PHP web applications. It was released during the Month of PHP Security. A short article about this tool: toolsmith: RIPS - PHP static code analyzer. At the bottom there is a link to a longer article in PDF format: RIPS: A static source code analyser for vulnerabilities in PHP scripts