Here are some useful OWASP resources. First, highly recommended reading:
which connects to a bunch of useful resources.
OWASP has recorded some vulnerabilities which may not otherwise have been given CVE numbers. If there is a single server or owning site, web app vulnerabilities may be short-lived: repaired quickly and not announced by site owners:
These OWASP resources include advice for the Broken Authentication risk category considered in this lecture:
The lecture slides also pointed to two recent pieces of government advice:
Some examples were adapted from:
as well as the OWASP resources and named RFCs.
Unless explicitly stated otherwise, all material is copyright © The University of Edinburgh