[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [WEB SECURITY] Secure coding guidelines

From: Anurag Agarwal <a_agrawwal@xxxxxxxxx>
Subject: Re: [WEB SECURITY] Secure coding guidelines
Date: Fri, 11 Aug 2006 14:29:49 -0700 (PDT)
--0-1333095697-1155331789=:76654
Content-Type: text/plain; charset=us-ascii

thanks a bunch. you guys are awesome :)


----- Original Message ----
From: Ory Segal <osegal@watchfire.com>
To: Anurag Agarwal <a_agrawwal@yahoo.com>; websecurity@webappsec.org
Sent: Friday, August 11, 2006 12:59:59 PM
Subject: RE: [WEB SECURITY] Secure coding guidelines


.NET: http://msdn2.microsoft.com/en-us/library/d55zzx87.aspx
ASP.NET: http://msdn2.microsoft.com/en-us/library/ssd9kbbc.aspx
Threat Modeling Web Applications: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnpag2/html/tmwa.asp
ASP.NET Security: 8 Ways to Avoid Attack: http://www.devx.com/security/Article/20898
 
 
PHP: http://www.ilovejackdaniels.com/php/writing-secure-php/
PHP: http://www.onlamp.com/pub/a/php/2003/03/20/php_security.html
PHP: http://www.tutorialized.com/tutorial/Writing-Secure-PHP-Code/1226
 
Java: http://www.javaworld.com/javaworld/jw-12-1998/jw-12-securityrules.html
Java: http://www.onjava.com/pub/a/onjava/excerpt/weblogic_chap17/index.html
Java: http://www.onjava.com/pub/a/onjava/excerpt/weblogic_chap17/index1.html
Java/Struts: http://www.onjava.com/pub/a/onjava/2004/02/18/strutssecurity.html
 
Perl: http://www.oreilly.com/catalog/cgi2/chapter/ch08.html
 
 
There's a very good list of books on the subject of application security at: http://www.webappsec.org/web_security_books.shtml
 
 
 
Hope this helps.
 
Ory Segal
Director of Security Research
Watchfire (Israel) LTD.
Tel: +972-9-9586077, Ext.236
Mobile: +972-54-7739359
e-mail: osegal@watchfire.com

 




From: Anurag Agarwal [mailto:a_agrawwal@yahoo.com] 
Sent: Friday, August 11, 2006 9:51 PM
To: websecurity@webappsec.org
Subject: [WEB SECURITY] Secure coding guidelines


How about a list of sites which contains secure coding guidelines for java, ASP, python, php, etc?
anybody know of any?
 
anurag
--0-1333095697-1155331789=:76654
Content-Type: text/html; charset=us-ascii

<html><head><style type="text/css"><!-- DIV {margin:0px} --></style></head><body><div style="font-family:times new roman, new york, times, serif;font-size:12pt"><DIV style="FONT-SIZE: 12pt; FONT-FAMILY: times new roman, new york, times, serif">thanks a bunch. you guys are awesome :)<BR><BR>
<DIV style="FONT-SIZE: 12pt; FONT-FAMILY: times new roman, new york, times, serif">----- Original Message ----<BR>From: Ory Segal &lt;osegal@watchfire.com&gt;<BR>To: Anurag Agarwal &lt;a_agrawwal@yahoo.com&gt;; websecurity@webappsec.org<BR>Sent: Friday, August 11, 2006 12:59:59 PM<BR>Subject: RE: [WEB SECURITY] Secure coding guidelines<BR><BR>
<STYLE type=text/css>DIV {
MARGIN:0px;}
</STYLE>

<DIV><SPAN class=187444019-11082006><FONT face=Arial color=#0000ff size=2>.NET: <A id=bodyLinks href="http://msdn2.microsoft.com/en-us/library/d55zzx87.aspx"; target=_blank rel=nofollow>http://msdn2.microsoft.com/en-us/library/d55zzx87.aspx</A></FONT></SPAN></DIV>
<DIV><SPAN class=187444019-11082006><FONT face=Arial color=#0000ff size=2>ASP.NET: <A id=bodyLinks href="http://msdn2.microsoft.com/en-us/library/ssd9kbbc.aspx"; target=_blank rel=nofollow>http://msdn2.microsoft.com/en-us/library/ssd9kbbc.aspx</A></FONT></SPAN></DIV>
<DIV><SPAN class=187444019-11082006><FONT face=Arial color=#0000ff size=2>Threat Modeling Web Applications: <A id=bodyLinks href="http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnpag2/html/tmwa.asp"; target=_blank rel=nofollow>http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnpag2/html/tmwa.asp</A></FONT></SPAN></DIV>
<DIV><SPAN class=187444019-11082006><FONT face=Arial color=#0000ff size=2>ASP.NET Security: 8 Ways to Avoid Attack: <A id=bodyLinks href="http://www.devx.com/security/Article/20898"; target=_blank rel=nofollow>http://www.devx.com/security/Article/20898</A></FONT></SPAN></DIV>
<DIV><SPAN class=187444019-11082006><FONT face=Arial color=#0000ff size=2></FONT></SPAN>&nbsp;</DIV>
<DIV><SPAN class=187444019-11082006><FONT face=Arial color=#0000ff size=2></FONT></SPAN>&nbsp;</DIV>
<DIV><SPAN class=187444019-11082006><FONT face=Arial color=#0000ff size=2>PHP: <A id=bodyLinks href="http://www.ilovejackdaniels.com/php/writing-secure-php/"; target=_blank rel=nofollow>http://www.ilovejackdaniels.com/php/writing-secure-php/</A></FONT></SPAN></DIV>
<DIV><SPAN class=187444019-11082006><FONT face=Arial color=#0000ff size=2>PHP: <A id=bodyLinks href="http://www.onlamp.com/pub/a/php/2003/03/20/php_security.html"; target=_blank rel=nofollow>http://www.onlamp.com/pub/a/php/2003/03/20/php_security.html</A></FONT></SPAN></DIV>
<DIV><SPAN class=187444019-11082006><FONT face=Arial color=#0000ff size=2>PHP: <A id=bodyLinks href="http://www.tutorialized.com/tutorial/Writing-Secure-PHP-Code/1226"; target=_blank rel=nofollow>http://www.tutorialized.com/tutorial/Writing-Secure-PHP-Code/1226</A></FONT></SPAN></DIV>
<DIV><SPAN class=187444019-11082006><FONT face=Arial color=#0000ff size=2></FONT></SPAN>&nbsp;</DIV>
<DIV><SPAN class=187444019-11082006><FONT face=Arial color=#0000ff size=2>Java: <A id=bodyLinks href="http://www.javaworld.com/javaworld/jw-12-1998/jw-12-securityrules.html"; target=_blank rel=nofollow>http://www.javaworld.com/javaworld/jw-12-1998/jw-12-securityrules.html</A></FONT></SPAN></DIV>
<DIV><SPAN class=187444019-11082006><FONT face=Arial color=#0000ff size=2>Java: <A id=bodyLinks href="http://www.onjava.com/pub/a/onjava/excerpt/weblogic_chap17/index.html"; target=_blank rel=nofollow>http://www.onjava.com/pub/a/onjava/excerpt/weblogic_chap17/index.html</A></FONT></SPAN></DIV>
<DIV><SPAN class=187444019-11082006><FONT face=Arial color=#0000ff size=2>Java: <A id=bodyLinks href="http://www.onjava.com/pub/a/onjava/excerpt/weblogic_chap17/index1.html"; target=_blank rel=nofollow>http://www.onjava.com/pub/a/onjava/excerpt/weblogic_chap17/index1.html</A></FONT></SPAN></DIV>
<DIV><SPAN class=187444019-11082006><FONT face=Arial color=#0000ff size=2>Java/Struts: <A id=bodyLinks href="http://www.onjava.com/pub/a/onjava/2004/02/18/strutssecurity.html"; target=_blank rel=nofollow>http://www.onjava.com/pub/a/onjava/2004/02/18/strutssecurity.html</A></FONT></SPAN></DIV>
<DIV><SPAN class=187444019-11082006><FONT face=Arial color=#0000ff size=2></FONT></SPAN>&nbsp;</DIV>
<DIV><SPAN class=187444019-11082006><FONT face=Arial color=#0000ff size=2>Perl: <A id=bodyLinks href="http://www.oreilly.com/catalog/cgi2/chapter/ch08.html"; target=_blank rel=nofollow>http://www.oreilly.com/catalog/cgi2/chapter/ch08.html</A></FONT></SPAN></DIV>
<DIV><SPAN class=187444019-11082006><FONT face=Arial color=#0000ff size=2></FONT></SPAN>&nbsp;</DIV>
<DIV><SPAN class=187444019-11082006><FONT face=Arial color=#0000ff size=2></FONT></SPAN>&nbsp;</DIV>
<DIV><SPAN class=187444019-11082006><FONT face=Arial color=#0000ff size=2>There's a very good list of books on the subject of application security at: <A id=bodyLinks href="http://www.webappsec.org/web_security_books.shtml"; target=_blank rel=nofollow>http://www.webappsec.org/web_security_books.shtml</A></FONT></SPAN></DIV>
<DIV><SPAN class=187444019-11082006><FONT face=Arial color=#0000ff size=2></FONT></SPAN>&nbsp;</DIV>
<DIV><SPAN class=187444019-11082006><FONT face=Arial color=#0000ff size=2></FONT></SPAN>&nbsp;</DIV>
<DIV><SPAN class=187444019-11082006><FONT face=Arial color=#0000ff size=2></FONT></SPAN>&nbsp;</DIV>
<DIV><SPAN class=187444019-11082006><FONT face=Arial color=#0000ff size=2>Hope this helps.</FONT></SPAN></DIV>
<DIV><SPAN class=187444019-11082006><FONT face=Arial color=#0000ff size=2></FONT></SPAN>&nbsp;</DIV>
<DIV><SPAN class=187444019-11082006><FONT face=Arial size=2><FONT color=#0000ff><STRONG>Ory Segal<BR></STRONG></FONT><EM>Director of Security Research</EM><BR>Watchfire (Israel) LTD.<BR>Tel: +972-9-9586077, Ext.236<BR>Mobile: +972-54-7739359<BR>e-mail: </FONT><A id=bodyLinks title=mailto:osegal@watchfire.com href="mailto:osegal@watchfire.com"; target=_blank rel=nofollow><FONT title=mailto:osegal@watchfire.com face=Arial size=2>osegal@watchfire.com</FONT></A><BR></DIV>
<DIV dir=ltr align=left><FONT face=Arial color=#0000ff size=2></FONT>&nbsp;</DIV></SPAN><BR>
<DIV class=OutlookMessageHeader lang=en-us dir=ltr align=left>
<HR tabIndex=-1>
<FONT face=Tahoma size=2><B>From:</B> Anurag Agarwal [mailto:a_agrawwal@yahoo.com] <BR><B>Sent:</B> Friday, August 11, 2006 9:51 PM<BR><B>To:</B> websecurity@webappsec.org<BR><B>Subject:</B> [WEB SECURITY] Secure coding guidelines<BR></FONT><BR></DIV>
<DIV></DIV>
<DIV style="FONT-SIZE: 12pt; FONT-FAMILY: times new roman, new york, times, serif">
<P>How about a list of sites which contains secure coding guidelines for java, ASP, python, php, etc?</P>
<P>anybody know of any?</P>
<P>&nbsp;</P>
<P>anurag</P></DIV></DIV><BR></DIV></div></body></html>
--0-1333095697-1155331789=:76654--
References:
- RE: [WEB SECURITY] Secure coding guidelines
  - From: Ory Segal
Prev by Date: RE: [WEB SECURITY] Secure coding guidelines
Next by Date: [WEB SECURITY] Bypassing script filters with variable-width encodings
Previous by thread: RE: [WEB SECURITY] Secure coding guidelines
Next by thread: RE: [WEB SECURITY] Secure coding guidelines
Index(es):
- Date
- Thread
Brought to you by http://www.webappsec.org
Search this site