Hands-on Web Security

When it comes to application security, you can usually tell the people who have actually exploited vulnerabilities from those who have only a conceptual grasp of the subject. Seeing an exploit work goes a long way towards making a security issue real. So I've started a series of short tutorials called Hands-on Web Security that use live, exploitable vulnerabilities to illustrate the concepts behind them. I hope to cover the major types of flaws afflicting web apps, one per article. Each article will have an explanation of the problem, live holes to be exploited, and recommendations on how to avoid the problem.

By the way, the fine people at OWASP have an application along those lines: the WebGoat project. The main difference is that you have to download it and run it on your own machine, and it's geared towards security people and more advanced exploitation, whereas my stuff is geared towards developers and architects.

Comments

3 Responses to “Hands-on Web Security”

  1. Naresh on December 2nd, 2008 11:09 am

    Very nice article. Looking for such a hands-on web security one. Looking for more such articles.

  2. DAndre N. on August 29th, 2011 6:47 pm

    Great article. I was wondering if you had any advice if a programmer like myself wanted to learn about web security and do what “hackers” do, but only for me to know what it’s like. I want to learn to do the type of stuff in The Social Network. Exact scene: when the students were competing to see who could get past campus security, etc. Thanks in advance.

  3. Kunjan Kshetri on September 25th, 2011 6:41 am

    Hey,

    I loved your computer “Internals” series of articles! Thank you for writing them.

    I was wondering if you took down your Security articles or moved it somewhere because I am getting 404 not found.

    Thanks again,
    Kunjan Kshetri.
