OWASP Guide to Building Secure Web Applications
[Posted July 2, 2002 by dennis]
From: The Owasp Project <owasp@owasp.org>
To: bugtraq@securityfocus.com
Subject: Now Online OWASP Guide to Building Secure Web Applications
Date: Tue, 25 Jun 2002 12:40:32 -0700 (PST)
We are pleased to announce that the first release of
the Open Web Application Security Project Guide to
Building Secure Web Applications is now online in
both pdf (1.67Mb) and HTML.
The Guide covers various web application security
topics from architecture to preventing attack
specifics like cross site scripting, cookie
poisoning and SQL injection. It's 80 pages of pure
web application security and no vendor marketing in
sight! The document is released under the GNU
documentation license and was a community volunteer
effort. Big kudos to all those involved.
You can download the Guide from the front page at
http://www.owasp.org
This is just one of several projects underway
including an open source web application scanner
called WebScarab (due end of the year), a set of
generic APIs called Filters to allow developers to
easily protect their applications from malicious
input / output such as XSS (due in next 3 months)
and a formal testing methodology. Future projects
include an intentionally buggy application for
testing and learning, called WebMaven.
Oh, and did we mention it's all open source and free!
If you like the work, want to contribute or have
suggestions for improvements, please drop us a mail.
owasp@owasp.org
The Open Web Application Security Project
http://www.owasp.org