• Home
• Browser Viewer
• Cold Fusion
• CSS
• DotNET
• Java
• Lorem Ipsum
• Regular Expressions
• Rich Text Editors
• Security Resources
• Web Standards
• XML

Security Resources

We don't talk enough about security. We should. Here are a few things to get started:

• OWASP - the Open Web Application Security Project. Many, many good things here, including the must-read OWASP Top Ten and OWASP Guide
• Improving Web Application Security: Threats and Countermeasures - a fantastic document from Microsoft. About half is specific to .NET but the rest is applicable to web development in general.
• Threat Modeling Web Applications. Excellent.

.NET Security Resources

• MSDN Security Developer Center
• Building Secure ASP.NET Applications : Authentication, Authorization, and Secure Communication
• MSDN: Patterns and Practices : Security - A collection of books, including the aforementioned Building Secure ASP.NET Applications and the excellent Improving Web Application Security: Threats and Countermeasures
• FxCop - .NET code analysis tool.
• Patterns & Practices Application Guidance: Security
• http://www.owasp.net/ - OWASP with a .NET focus
• Patterns & Practices Security How Tos

PHP Security Resources

• PHP Security Consortium
• PHP Security Guide, based on Chris Shiflett's PHP Security (PDF). The most comprehensive security resource out there for PHP. If you read nothing else, read this. Much also has application to other platforms/languages, such as ASP.
• PHP Top 5 from OWASP
• A Study in Scarlet - a foundational article on common vulnerabilities in PHP apps and how to prevent them.
• WACT: Web Application Security

ColdFusion & Flash Security Resources

• http://www.adobe.com/devnet/security/
• Validating Browser Input At bottom of page check out cf_inputfilter amazing little script.

Other Resources

• Microsoft Security Development Lifecycle
• ThreatModeling
• MS patterns & practices security wiki
• Threats and Countermeasures wiki
• Web Application Security Consortium
• NSA Secure Configuration Guides
• SQL Injection By Example - a fabulous primer.
• ModSecurity resources page
• Handouts from SamBuchanan's presentation on web application security testing at the 2005 MnSCU IT Conference
• Sam Buchanan's talk on web application security at the MnSCU ITS conference 2004.