newsletterlibrary.com


Categories
Browsers @
Java @
Spyware and Adware @
Web Application Firewalls @

Websites
Includes securing your server, protecting confidential documents on your site, safe CGI programming, client security, and privacy.
http://www.w3.org/Security/Faq/

This paper describes how many small businesses claim to offer a secure order form when in fact they do not. The paper shows how the insecurity occurs and offers a few solutions to the problem.
http://www.jsweb.net/paper.htm

This site is designed to help users learn what kinds of security risks exist and how to prevent them.
http://www.cgisecurity.com/

By clicking on maliciously formed HTML tags users can unknowingly perform undesirable actions.
http://www.zope.org/Members/jim/ZopeSecurity/ClientSideTrojan

Provides technical how-to information and links to other security resources.
http://www.microsoft.com/technet/security/web.asp

An advisory detailing a vulnerability that has been discovered in the NCSA WWW server software (httpd).
http://www.ciac.org/ciac/bulletins/f-11.shtml

Detect security failures on any kind of web site.
http://www.accessdiver.com

Lists potential privacy issues or security holes created by Shockwave and solutions for them.
Site excerpt:
Shockwave Internet Security Alert  There are three potential security holes through Shockwave. All three require Shockwave, and all three are fixed with a Security Fix from Macromedia, issued 3/19/97. Information in your email, on your hard drive or on your corporate intranet could all...
http://www.webcomics.com/shockwave/

Using IIS to configure and maintain Web security.
http://msdn.microsoft.com/workshop/server/iis/Websec.asp

Collection of original articles.
http://www.w3j.com/7/

Demonstrations of security risks and advice for safe use of a web browser.
http://www.swcp.com/~mccurley/danger/danger.html

Covers basic privacy issues.
http://www.w3schools.com/site/site_security.asp

Total Simplicity is a full on technical company providing hosting, custom programming, security, and online stores.
http://www.totalsimplicity.com

WebAlarm anti web defacement software.
http://www.duoworks.com

How to build, design and test the security of web applications and web services.
http://www.owasp.org

Full text of a paper discussing an 'attack' that threatens both privacy and data integrity. Written by Edward W. Felten, Dirk Balfanz, Drew Dean, and Dan S. Wallach. Available in various formats including PDF and Postscript.
http://www.cs.princeton.edu/sip/WebSpoofing/

Software for automatic security and functionality testing of web sites. Record and replay your web surfing, form filling and downloading. Supports command line options via batch files, scripts and windows task scheduler.
http://www.internetmacro.com

Michal Zalewski theorizes how Web crawlers can be exploited to inadvertently attack remote systems.
http://www.phrack.org/show.php?p=57&a=10

Free application for remote vulnerability discovery in unknown CGI scripts. Includes mailing list, documentation, news, and source code.
http://cobra.LucidX.com/

Protects a web site from defacement and automatically repairs hacked pages.
http://www.lockstep.com/products/webagain/wa-product.html

Article on website hacking covering footprinting, IP scanning and an example IIS hack. Also has a computer security weblog and an overview of BS7799.
http://www.northfell.com/

Book that covers how to hack web applications, and how to secure against the attacks detailed. Author profiles, links to tools referenced in the book and reviews.
http://www.webhackingexposed.com/