Re: Web Security
From: Ken Schaefer (kenRMV@THISadOpenStatic.com)
Date: 08/13/02
- Next message: JH Shao: "RE: Get Client Certificate on non-English System Locale Server"
- Previous message: Ken Schaefer: "Re: Just a resource to share - Secure Win 2K using HotFixes"
- In reply to: karl [x y]: "Re: Web Security"
From: "Ken Schaefer" <kenRMV@THISadOpenStatic.com> Date: Tue, 13 Aug 2002 13:09:47 +1000
There are also some good email lists.
Try webAppSec at www.securityfocus.com (this deals with securing web
applications, eg against cross-site scripting attacks and SQL Injection
attacks). Also, you might want to sign up for www.ntbugtraq.com, the
Microsoft bulletin service, and maybe focus-ms (also at
www.securityfocus.com) for info on securing your servers.
This is an excellent resource for securing web apps, developed by the people
on the webappsec list:
http://www.owasp.org/
Cheers
Ken
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"karl [x y]" <jamescagney90210@excite.com> wrote in message
news:O8XlG0fQCHA.2752@tkmsftngp10...
> "Ananth" <Ananth.S@in.bosch.com> wrote in message
> news:aj84sa$b53$1@ns2.fe.internet.bosch.com...
> > Hi,
> >
> > Can someone give me pointers to Web Security. The context is as follows. We
> > have developed a web application over our intranet. We need to ensure in all
> > means that the data & pages are secure. How can I ensure this.
> >
> > Currently we just have one security. User will be able to logon only
> > from the logon page. He cannot get into any page without logging on.
> >
> > Please suggest as to what else I can do to ensure security. (I am new to
> > the area of Web Security)
>
> If you're new, and security is important, you should get some help from
> someone else or a consultant that knows her stuff. Some of the following
> resources are good introductions to securing a web server and the network
> that delivers it... however most of these resources don't do much to discuss
> application security [programming .ASP pages, adding a database, etc.]
>
> - www.microsoft.com/security [including all security patches and IISlockdown
>   / URLscan]
> - other posts in this newsgroup
> - the books Hacking Exposed 3rd edition and Incident Response