Web application security
Daily, Jeff A
jeff.daily at pnl.gov
Thu Apr 26 10:58:04 PDT 2007
All:
I've seen so much correspondence about security lately that I felt
compelled to share my experience. There are a few organizations that
exist specifically targeting Web application security. My personal
favorite would have to be www.owasp.org. As a first step I'd recommend
reading their Top Ten Project
(http://www.owasp.org/index.php/OWASP_Top_Ten_Project), which lists ten
Web application security vulnerabilities in detail, including how to
check if you're vulnerable and how to protect yourself.
In my opinion, this list and its suggested practices should be adopted as
a minimal standard. It has many users and adopters including the
government, major corporations, and universities as part of their
curriculum. Many if not most of the attacks on this list are technology
agnostic, so they could potentially apply to both Server3 and Hyrax.
Jeff
More information about the Opendap-tech
mailing list