| Article | Summary |
|---|---|
| Top 10 Web Security Checklist | A checklist of ten items that web server administrators, web developers and webmasters should take into consideration. |
| PHPSecInfo | The idea behind PHPSecInfo is to provide an equivalent of the phpinfo() function that reports security-relevant information about the PHP environment and offers suggestions for improvement. It is not a replacement for secure development techniques and does not do any kind of code or application auditing, but it can be a useful tool in a multilayered security approach. |
| PHP Security Guide | The http://phpsec.org team has put together an excellent guide on securing PHP web applications. The guide addresses the most critical PHP-specific threats and risks and gives detailed instructions on how to mitigate them. |
| OWASP PHP Top 5 | This article is the research underlying the PHP section of the SANS Top 20 for 2005. The methodology was to review every Bugtraq posting containing the word "PHP" and categorize each unique flaw; the author then analyzed the most common flaws and attacks and researched prevention techniques, resulting in this article. |
| AJAX Storage: A Look at Flash Cookies and IE Persistence | AJAX (Asynchronous JavaScript and XML) applications are constantly looking for ways to increase their performance. One obvious way is to store more data locally, since data can be loaded from a local file much more quickly than it can be retrieved from a remote web site. Corey Benninger of Foundstone explains the local storage options available to AJAX applications, Flash cookies and Internet Explorer persistence among them. |
| Application Security Hacking Videos | Joel R. Helgeson, President of Appiant, Inc., presents videos in which he hacks into a college web site. |
| Anti-Cross Site Scripting Library from Microsoft | For defence in depth, developers may wish to use the Microsoft Anti-Cross Site Scripting Library to encode output. This library differs from most encoding libraries in that it uses the "principle of inclusions" technique to protect against XSS attacks: it defines the set of characters that may pass through unencoded and encodes everything else, rather than maintaining a list of known-bad characters to escape. |
| HTTP Request Smuggling | HTTP request smuggling is performed by sending specially crafted HTTP requests that cause two entities in the request path (for example a proxy, cache or firewall and the web server behind it) to parse the same byte stream as two different sets of requests, allowing the attacker to smuggle a request to one device without the other device being aware of it. |
| Why Web services threats require application-level security | Hackers will always look for the most exposed victims, those that take the least effort to attack. Once nearly all networks had built up their perimeter defences, hackers began to target web applications. Now, with the introduction of application-layer firewalls, hackers are moving on to web services. |
| Web Application Firewall Evaluation Criteria | Web application firewalls (WAFs) represent a new breed of information security technology designed to protect web sites (web applications) from attack. Because they inspect traffic at the HTTP application layer, WAF solutions can prevent attacks that network firewalls and intrusion detection systems cannot. |
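The "principle of inclusions" encoding referred to in the Anti-Cross Site Scripting Library entry, shown as an added example in Python that is not the Microsoft library's own code. The allowed character set, the helper names and the sample strings below are assumptions chosen for illustration; the library's actual allowlists and API are not reproduced here.

```python
"""Allowlist ('principle of inclusions') HTML encoder beside a blocklist one.

Added example. The SAFE set is an assumption for illustration, not a copy of
any library's tables; the SAMPLES are constructed inputs.
"""

import re
import string

# Characters passed through unchanged. Everything else becomes a numeric
# character reference, so a character nobody thought about cannot reach the
# browser unencoded.
SAFE = frozenset(string.ascii_letters + string.digits + " .,-_")

# The usual blocklist approach: escape only the characters known to be
# significant in HTML and leave everything else alone.
BLOCKLIST = {"<": "&lt;", ">": "&gt;", "&": "&amp;", '"': "&quot;", "'": "&#39;"}

# Constructed sample strings (plain text, a quote, an attribute-breakout
# attempt using backticks, and a non-ASCII character).
SAMPLES = [
    "<script>alert(1)</script>",
    "O'Brien",
    "x` onmouseover=`alert(1)",
    "caf\u00e9",
]


def encode_inclusive(text: str) -> str:
    """Encode every character outside SAFE as &#NNN; (decimal code point)."""
    return "".join(ch if ch in SAFE else "&#%d;" % ord(ch) for ch in text)


def encode_blocklist(text: str) -> str:
    """Escape only the characters listed in BLOCKLIST; pass the rest through."""
    return "".join(BLOCKLIST.get(ch, ch) for ch in text)


def is_inclusively_encoded(text: str) -> bool:
    """True if text consists only of SAFE characters and numeric references.

    This is the property the inclusive encoder guarantees for every input;
    the blocklist encoder guarantees it only for inputs it happened to expect.
    """
    stripped = re.sub(r"&#\d+;", "", text)
    return all(ch in SAFE for ch in stripped)


if __name__ == "__main__":
    for sample in SAMPLES:
        print("input:     ", sample)
        print("blocklist: ", encode_blocklist(sample))
        print("inclusive: ", encode_inclusive(sample))
        print()
```

The blocklist version is only as good as its list: the backtick, `=` and parentheses in the third sample pass through untouched, while the inclusive encoder turns every character it does not positively recognise into a numeric reference. Either way, an encoder like this covers HTML text and quoted attribute contexts only; data placed inside a script block or a URL needs an encoder with rules for that context.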
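How two parsers can see two different sets of requests, as described in the HTTP Request Smuggling entry, shown as an added Python example that is not taken from the article. A minimal HTTP/1.1 parser is run in two modes over one constructed byte stream: framing the body by Content-Length (the front device) and honouring Transfer-Encoding: chunked (the back-end server). The host name, the /admin path and the function names are invented for the example.

```python
"""Two HTTP/1.1 parsers disagreeing on where one request ends and the next
begins (a CL.TE smuggling case). Added example; example.test and /admin are
invented, and STREAM is a constructed request, not captured traffic."""

from typing import List, Tuple


def read_chunked(stream: bytes, pos: int) -> Tuple[bytes, int]:
    """Decode a chunked body starting at pos; return (body, position after it)."""
    body = b""
    while True:
        line_end = stream.find(b"\r\n", pos)
        if line_end == -1:
            raise ValueError("truncated chunk-size line")
        size = int(stream[pos:line_end].split(b";")[0], 16)  # drop chunk extensions
        pos = line_end + 2
        if size == 0:
            # last-chunk: consume optional trailer lines up to the empty line
            while True:
                line_end = stream.find(b"\r\n", pos)
                if line_end == -1:
                    raise ValueError("truncated trailer section")
                line = stream[pos:line_end]
                pos = line_end + 2
                if not line:
                    return body, pos
        body += stream[pos:pos + size]
        pos += size + 2  # chunk data plus its trailing CRLF


def parse_requests(stream: bytes, prefer: str) -> List[Tuple[str, bytes]]:
    """Split one TCP stream into (request_line, body) pairs.

    prefer="cl": frame bodies by Content-Length and ignore Transfer-Encoding
                 (the behaviour of the front device in a CL.TE attack).
    prefer="te": honour Transfer-Encoding: chunked when present, as RFC 7230
                 section 3.3.3 requires of a compliant HTTP/1.1 parser.
    """
    requests = []
    pos = 0
    while pos < len(stream):
        hdr_end = stream.find(b"\r\n\r\n", pos)
        if hdr_end == -1:
            break  # incomplete request; a real server would wait for more bytes
        lines = stream[pos:hdr_end].decode("ascii").split("\r\n")
        headers = {}
        for line in lines[1:]:
            name, _, value = line.partition(":")
            headers[name.strip().lower()] = value.strip()
        body_start = hdr_end + 4
        te = headers.get("transfer-encoding", "").lower()
        if prefer == "te" and te == "chunked":
            body, pos = read_chunked(stream, body_start)
        elif "content-length" in headers:
            length = int(headers["content-length"])
            body = stream[body_start:body_start + length]
            pos = body_start + length
        else:
            body, pos = b"", body_start  # no framing header: no body
        requests.append((lines[0], body))
    return requests


def has_ambiguous_framing(stream: bytes) -> bool:
    """True if the first request carries both Content-Length and Transfer-Encoding.

    RFC 7230 notes such a message may be a smuggling attempt and ought to be
    treated as an error; a proxy that rejects it never has to pick a winner.
    """
    hdr_end = stream.find(b"\r\n\r\n")
    head = stream[: hdr_end if hdr_end != -1 else len(stream)].lower()
    return b"\r\ncontent-length:" in head and b"\r\ntransfer-encoding:" in head


# Constructed CL.TE request: Content-Length covers the whole remainder of the
# stream, while chunked framing ends the body at the "0" chunk.
SMUGGLED = b"GET /admin HTTP/1.1\r\nHost: example.test\r\n\r\n"
BODY = b"0\r\n\r\n" + SMUGGLED
STREAM = (
    b"POST / HTTP/1.1\r\nHost: example.test\r\n"
    + b"Content-Length: %d\r\n" % len(BODY)
    + b"Transfer-Encoding: chunked\r\n\r\n"
    + BODY
)

if __name__ == "__main__":
    front = parse_requests(STREAM, prefer="cl")
    back = parse_requests(STREAM, prefer="te")
    print("front device sees:", [r[0] for r in front])  # one POST
    print("back-end sees:    ", [r[0] for r in back])   # the POST, then GET /admin
    print("ambiguous framing:", has_ambiguous_framing(STREAM))
```

The front device forwards what it believes is a single POST; the back-end ends that POST at the zero-length chunk and treats the bytes that follow as a second request, which the front device never inspected. The check in has_ambiguous_framing is the cheap defence: refuse any message that carries both framing headers rather than guessing which one the next hop will obey.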