Linux Today: Linux News On Internet Time.

OWASP.org: A Guide to Building Secure Web Applications, Version 1.1

Sep 25, 2002, 07:00 (0 Talkback[s])

"The last two years have seen a significant surge in the amount of web application specific vulnerabilities that are disclosed to the public. No web application technology has shown itself invulnerable, and discoveries are made every day that affect both owners' and users' security and privacy.

"Security professionals have traditionally focused on network and operating system security. Assessment services have relied heavily on automated tools to help find holes in those layers. Today's needs are different, and different tools are needed. Despite this, the basic tennants of security design have not changed. This document is an attempt to reconcile the lessons learned in past decades with the unique challenges that the web provides.

"While this document doesn't provide a silver bullet to cure all the ills, we hope it goes a long way in taking the first step towards helping people understand the inherent problems in web applications and build more secure web applications and Web Services in the future..."

Complete Story

Related Stories: