Reply to Re: PHP Security reading materials

Posted by Gary L. Burnore on 02/12/06 03:14

On Sun, 12 Feb 2006 01:56:19 +0100, Dikkie Dik <nospam@nospam.org>
wrote:

>This book has some nice examples:
>http://innocentcode.thathost.com/
>

What's with the rash of top posters?


>Best regards
>
>Maxim Vexler wrote:
>> Hello
>>
>> I'm looking for reading materials to educate myself on the security
>> measures that should be taken to build a secure web site.
>>
>> What I'm referring to is web sites like the following :
>> 1. http://www.securiteam.com/securityreviews/5DP0N1P76E.html
>> 2. http://www.unixwiz.net/techtips/sql-injection.html
>> 3. http://www.cgisecurity.com/articles/xss-faq.shtml
>>
>> That would demonstrate to me real "bad" code and the way it can be
>> exploited on my site.
>>
>> References to bugzilla / mailing lists of open source projects to
>> learn from them how to apply security would also be great IMHO.
>>
>> The main security concerns I seem to be unable to find good
>> documentation for are:
>>
>> 1. SQL injection in the Unicode character maps; possibly a table that
>> would summarize all the characters to avoid / filter out from web
>> forms.
>> 2. (in)Correct usage of php functions.
>>
>>
>> I know my question is general and yet I would very much appreciate
>> references / recommendation on reading material, as learning by trial &
>> error in the security field is not an option.
>>
>>
>> Thank you very much.
>>
>> Cheers,
>> Maxim Vexler.
>>
>>
>> --
>>
>> Do u GNU ?
>>
--
gburnore at DataBasix dot Com
---------------------------------------------------------------------------
How you look depends on where you go.
---------------------------------------------------------------------------
Gary L. Burnore
Official .sig, Accept no substitutes.
Black Helicopter Repair Services, Ltd. | Official Proof of Purchase
===========================================================================
