Search:

Java Answers

Ask Question UnAnswered

Home » Forum » Java

RSS Feeds

Question Asked By: Alex Meyer on Oct 10 In Java Category.

Open Source Portals in Java

Question Answered By: Rickey Scott on Oct 10

About the OWASP Guide
The OWASP Guide to Building Secure Web Applications v2 is now
released. Its release was announced at Black Hat in Las Vegas in
late July 2005. This new version of the OWASP Guide is a major
overhaul of the original document, containing nearly three times as
much material.

The original OWASP Guide had become a staple diet for many web
security professionals. Since 2002, the initial version was
downloaded over 2 million times. Today, the Guide is referenced by
many leading government, financial, and corporate standards and is
the Gold standard for web application security.
The Guide is aimed at architects, developers, consultants and
auditors and is a comprehensive manual for designing, developing and
deploying secure web applications. Among the 28 chapters and around
210 pages, some of the highlights include:

An Overview – describing what web applications and web services are.

How Much Security Do You Really Need ? – explaining how to assess
the security need and perform risk assessments.

Phishing - Peer reviewed technical and process controls to reduce
the risk from this most insidious form of fraud.

Architecture – Discussion on how Architecture considerations can
ensure security where it's needed.

Authentication – Describes the different types of authentication
possible and the common problems.

Authorization – Describes access control concepts.

Session Management – Describes the right way to manage sessions and
generate session tokens.

Audit, Traceability and Logging – Describes what to log and how to
log user and system events.

Data Validation – Describes strategies for dealing with unexpected
input and what you need to block.

Injections - includes all form of injections: SQL, XML, LDAP, ORM,
code, user agent (includes XSS) and more.

Privacy – Discusses privacy issues that may face your application.

Cryptography – How to use cryptography and describes some common
mistakes.

File system - how to protect your most sensitive of files from being
destroyed or made visible.

Canocalization and Unicode issues

Deployment, Configuration, and more

In total, the new guide is nearly three times as long, but has
nearly 10 times as many controls as the OWASP Guide 1.1.1. This
major new release brings OWASP to the forefront of web application
security research

This Question has 2 more answer(s). View Complete Question Thread

Didn't find what you were looking for? Find more on Open Source Portals in Java Or get search suggestion and latest updates.

RSS Feeds:	Articles \| Forum \| New Users \| Activities \| Interview FAQ \| Poll \| Hotlinks
Social Networking:	Hall of Fame \| Facebook \| Twitter \| LinkedIn
Terms:	Terms of Use \| Privacy Policy \| Contact us