Defensive Web Programming

These are the guys teaching the courst on Defensive Web Programming

Tags: Development, WebDesign, Consultants on 2008-07-22 -All Annotations (0) -About

more fromwww.securityinnovation.com

Paros is for people who need to evaluate the security of their web applications. Which is a proxy that allows you to intercept and modify all HTTP and HTTPS data for the purposes of testing.

Tags: Apps, iNet, Development, Scanner, Web, Security, Proxy, Free, DevTools on 2008-07-22 and saved by11 people -All Annotations (2) -About

more fromwww.parosproxy.org

Asp.Net forum post announcing the Anti-Cross Site Scripting (XSS) library from Microsoft, with links to downloa.d and documentation

Tags: Development, WebDesign, Asp.Net, XSS, Library, Microsoft, Defensive, Hacking on 2008-07-22 -All Annotations (0) -About

more fromforums.asp.net

OWASP CSRF Guard - protects a web application from Cross-Site Request Forgery attacks through the use of a unique random request token...

Tags: Developmen, WebDesign, Security, Debugging, Testing on 2008-07-22 -All Annotations (0) -About

more fromwww.owasp.org

This URL is blocked by the Xerox proxy... but it's the home of the napkin app shown during class on Tuesday.

Tags: Napkin, URLEncode, Base64 on 2008-07-23 -All Annotations (0) -About

more fromwww.0x90.org

A web-based alternative to Napkin for encoding strings...

Tags: Development, Encoding, Apps, Tools, HackerTools, Defensive on 2008-07-23 and saved by3 people -All Annotations (0) -About

more fromtools.web-max.ca

The Reform library provides a solid set of functions for encoding output for the most common context targets in web applications (e.g. HTML, XML, JavaScript, etc). The library also takes a conservative view of what are allowable characters based on historical vulnerabilities, and current injection techniques.

Tags: Development, WebDesign, CrossPlatform, XSS on 2008-07-23 -All Annotations (0) -About

more fromwww.owasp.org

Holodeck - allows you to simulate faults like out-of-memory, high latency, etc, and in geneal take full control over a simulated windows and .net API environment to test your applications.

Tags: Development, Debugging, FaultInjection, Windows on 2008-07-23 and saved by2 people -All Annotations (0) -About

more fromwww.securityinnovation.com

Tags: @Xerox, CERT, Guidelines on 2008-07-23 and saved by6 people -All Annotations (0) -About

more fromwww.securecoding.cert.org

Tags: Guidelines, @Xerox, CodeProject on 2008-07-23 -All Annotations (0) -About

more fromwww.codeproject.com

Tags: @Xerox, Guidelines, OWASP, Security on 2008-07-23 -All Annotations (0) -About

more fromwww.owasp.org

John's blog ...

Tags: Blog, Security on 2008-07-23 -All Annotations (0) -About

more fromblogs.csoonline.com

Tags: Reference, Guidelines, Development, @Xerox on 2008-07-23 -All Annotations (0) -About

more fromxww.docushare-innovation.world.xerox.com

The vulnerability scanning program is an integral part of the information security risk assessment process. Scans are conducted against environmental components: servers (OS), databases, and web applications. Vulnerability scanning may be conducted from an internal or external location to identify weaknesses within the environment and mitigate against them before they can be exploited.

Tags: @Xerox, XIM, Vulnerability, Security, Scanner, Apps on 2008-07-23 -All Annotations (0) -About

more fromxww.internal.world.xerox.com

Tags: Development, Guidelines, Security on 2008-07-23 and saved by2 people -All Annotations (0) -About

more fromiase.disa.mil

Tags: Development, Security, Guidelines, NIST on 2008-07-23 and saved by5 people -All Annotations (0) -About

more fromcsrc.nist.gov