[thelist] Securing a Web Application

Ken Schaefer Ken at adOpenStatic.com
Thu Oct 20 21:50:53 CDT 2005


Cross-Site-Scripting is probably the next "big" thing in vulnerabilities, now
that SQL Injection (at least the more primitive ones) have been identified
and publicized.

Check out OWASP (Open Web Application Security Project) (www.owasp.org)

Cheers
Ken

> -----Original Message-----
> From: thelist-bounces at lists.evolt.org.uk [mailto:thelist-bounces at lists.evolt.org.uk] On Behalf Of Dena Marchant
> Sent: Friday, 21 October 2005 3:10 AM
> To: thelist at lists.evolt.org
> Subject: Re: [thelist] Securing a Web Application
> 
> I will check out the resources mentioned.
> 
> To be a bit more specific, while I want to develop better knowledge of overall
> security issues and best practices in this area, I also need to know how to
> correctly handle user login.
> 
> Is it enough to check username and password against:
> 1.  values in a database and using a stored procedure
> 2. values in a file
> 
> Is there a better way?  On a scale of 1 to 5, level of  security needed
> would be 3 or 4.
> 
> Thanks again for your help.
> 
> ----- Original Message -----
> From: "Ken Moore" <psm2713 at hotmail.com>
> To: <thelist at lists.evolt.org>
> Sent: Tuesday, October 18, 2005 7:58 PM
> Subject: RE: [thelist] Securing a Web Application
> 
> 
> > Hi all,
> >
> > Dena Marchant asked:
> >>  where I can go and get up to speed on the issues of securing a web
> >>application on an apache platform.
> >
> > The answers have been hit and miss at best. My answer would be this. If no
> > real harm can be done, go ahead and learn the best you can. If yours or a
> > client's data/info is involved, get someone who knows how to set up
> > security and learn from them.
> >
> > Ken



