Hands-on Web Security

When it comes to application security, you can usually tell people who have actually exploited vulnerabilities from those who have only a conceptual grasp of the subject.  Seeing exploits in action goes a long way towards making security issues real. So I've started a series of short tutorials called Hands-on Web Security using live, exploitable vulnerabilities to illustrate the concepts behind them. I hope to cover the major types of flaws afflicting web apps, one per article. Each flaw will have an explanation of the problem, live holes to be exploited, and recommendations on how to avoid the problem.

By the way, the fine people at OWASP have an application along those lines. It's called the Web Goat Project. The main difference is that you have to download it and run it on your computer, and it's geared towards security people and more advanced exploitation, whereas my stuff is geared towards developers and architects.

Comments

• Find It

• Recently Written

  • CPU Rings, Privilege, and Protection
  • Memory Translation and Segmentation
  • Certification Demand and Quality
  • Lucky to be a Programmer
  • The Kernel Boot Process
  • How Computers Boot Up
  • Motherboard Chipsets and the Memory Map
  • Of Aviation Crashes and Software Bugs
  • Why Brazil Loves Linux
  • WordPress up and running

• Categories

  • Internals
  • Linux
  • Meta
  • Productivity
  • Programming
  • Security
  • Software Illustrated
  • Sysadmin

• Monthly Archives

  • August 2008
  • July 2008
  • June 2008
  • May 2008
  • April 2008
  • March 2008
  • February 2008

Copyright © 2008 Gustavo Duarte • Using Cangaço, based on Dropshadow theme by Brian Gardner