Importance of Security
Everybody knows web applications are now the de facto standard in daily use. We go even further as we have more and more mobile devices.
We are building our apps in such a way that we can access them from mobile phones, tablets and even e-book readers.
So nobody should be surprised that companies involved in web standards have published articles focused on web application security.
- Google: Browser Security Handbook
- Google: Web Application Exploits and Defenses part one, part two, part three, part four, part five.
  - Great live step-by-step tutorial on the Gruyere application. It is challenging.
- Mozilla: WebAppSec/Secure Coding Guidelines – Here are some quick wins:
  - For all cookies set the HTTPOnly and Secure flag
  - Make sure login pages are only served on HTTPS and all authenticated pages are only served on HTTPS
  - Don’t trust any user data (input, headers, cookies etc). Make sure to validate it before using it
- Last but not least, the OWASP site is one of the best security information sites.
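
A quick way to check the first two quick wins against your own app's responses, as an added example that is not part of the original post or of the Mozilla guidelines. The function names, URLs and header values are constructed for illustration.

```python
# Added example: audit responses for the cookie-flag and HTTPS quick wins.
# Function names and all sample data below are constructed for illustration.

def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (cookie_name, set of attribute names)."""
    parts = [p.strip() for p in header_value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    # Attribute names are case-insensitive; only the text before '=' counts,
    # so a value such as "Path=/secure" is not mistaken for the Secure flag.
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    return name, attrs


def audit_response(url, set_cookie_headers):
    """Return a list of findings for one response (empty list means clean)."""
    findings = []
    if not url.lower().startswith("https://"):
        findings.append(f"{url}: page served without HTTPS")
    for value in set_cookie_headers:
        name, attrs = parse_set_cookie(value)
        for flag in ("httponly", "secure"):
            if flag not in attrs:
                findings.append(f"{url}: cookie '{name}' missing {flag}")
    return findings


# Constructed sample: (URL, list of Set-Cookie header values in the response)
SAMPLE_RESPONSES = [
    ("https://app.example/login",
     ["session=abc123; Path=/; Secure; HttpOnly"]),
    ("http://app.example/account",
     ["session=abc123; Path=/; httponly",
      "theme=dark; Expires=Wed, 01 Jan 2031 00:00:00 GMT"]),
]

if __name__ == "__main__":
    for url, cookies in SAMPLE_RESPONSES:
        for line in audit_response(url, cookies) or [f"{url}: ok"]:
            print(line)
```

Feed it the URL and the raw `Set-Cookie` header values captured from each response of your own application; every cookie, not only the session cookie, is checked, in line with the "all cookies" wording above.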
Happy Hacking your apps
Comments
pedro
Thanks!
Tomek N.
I also found this one interesting: http://stackoverflow.com/questions/549/the-definitive-guide-to-forms-based-website-authentication