Sometimes you come across a gem you never knew existed and you get all giddy with excitement. (OK, giddy may not be the right word for you, but imagine me giddy.) In this case an email from Mike Waddingham pointed me to the OWASP web site. For those of you who don't know, OWASP is the Open Web Application Security Project and is a wiki site focused on "...improving the security of application software". Music to my ears.
There are a couple of documents that I wanted to point out to you:
- The OWASP Top Ten is a list of the ten most serious security problems with online applications. The PDF document can be downloaded free of charge.
- For those into a more secure application from the start, they offer a guide on building secure applications. You can view either the stable version or try the latest release.
- Or, if you've already built the application, you can review the code with their Code Review book. (Please note the free download, you don't need to buy the book unless you like paper-based books. I do but ... that's another post.)
Even if you just look through the Top Ten list to familiarize yourself with the tactics, you will be much farther ahead when you try to understand where your application may, or may not, be less robust than it should be.