Archive for 'Web security' Category


Month of PHP bugs summary

12 April 2007

Well, the "Month of PHP Bugs" has concluded, exposing 41 security issues in the PHP web development language. Some don't agree with this method of publishing vulnerabilities, but sometimes it's necessary to help developers focus on security. Embarrassment is a highly effective motivator. Personally I think this was sorely needed for PHP and Stefan Esser [...]


Extended Validation SSL ineffective?

27 January 2007

A quick follow-up to a previous post about the new "Extended Validation / high assurance" SSL certificates that SSL vendors are selling at a premium and that are now supported in some web browsers like MS Internet Explorer 7. Researchers at Stanford University have published the results of a study (PDF) showing that use of these [...]


Hardening PHP servers with suhosin

9 November 2006

PHP is extremely popular for small-scale web application development. However, PHP has a long history of major security problems and applications written in PHP tend to have their own major security holes. As much as security administrators might like to ban PHP from their web servers, we can’t… it’s far too popular. The Hardened PHP project [...]


Secure web development teaching resources

25 October 2006

Web developers have it tough. Just getting the basic functions of an application working reliably in the stateless, ever-changing, browser bug infested environment of the web is challenging enough. There’s not much time to also keep up to date on security issues. I’ve written and delivered security courses for web developers and coming up with [...]


High assurance SSL certificates

25 October 2006

Verisign and browser vendors have been working on a “high assurance / extended validation” type of SSL certificate. I just learned about this from an article at The Register where a Verisign exec is complaining about Mozilla. The idea behind this “new” type of SSL certificate is that it has a field indicating the certificate [...]
