
RE: [WEB SECURITY] Secure coding guidelines




.NET: http://msdn2.microsoft.com/en-us/library/d55zzx87.aspx
ASP.NET: http://msdn2.microsoft.com/en-us/library/ssd9kbbc.aspx
Threat Modeling Web Applications:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnpag2/html/tmwa.asp
ASP.NET Security: 8 Ways to Avoid Attack:
http://www.devx.com/security/Article/20898

PHP: http://www.ilovejackdaniels.com/php/writing-secure-php/
PHP: http://www.onlamp.com/pub/a/php/2003/03/20/php_security.html
PHP: http://www.tutorialized.com/tutorial/Writing-Secure-PHP-Code/1226

Java:
http://www.javaworld.com/javaworld/jw-12-1998/jw-12-securityrules.html
Java:
http://www.onjava.com/pub/a/onjava/excerpt/weblogic_chap17/index.html
Java:
http://www.onjava.com/pub/a/onjava/excerpt/weblogic_chap17/index1.html
Java/Struts:
http://www.onjava.com/pub/a/onjava/2004/02/18/strutssecurity.html

Perl: http://www.oreilly.com/catalog/cgi2/chapter/ch08.html

There's a very good list of books on the subject of application security
at: http://www.webappsec.org/web_security_books.shtml

Hope this helps.

Ory Segal
Director of Security Research
Watchfire (Israel) LTD.
Tel: +972-9-9586077, Ext.236
Mobile: +972-54-7739359
e-mail: osegal@watchfire.com <mailto:osegal@watchfire.com>

________________________________

From: Anurag Agarwal [mailto:a_agrawwal@yahoo.com]
Sent: Friday, August 11, 2006 9:51 PM
To: websecurity@webappsec.org
Subject: [WEB SECURITY] Secure coding guidelines



How about a list of sites which contains secure coding guidelines for
java, ASP, python, php, etc?

anybody know of any?

anurag





Brought to you by http://www.webappsec.org