Web Application Security

Contents

• Fundamentals: The core concepts behind the gritty details of how web applications work and common ways that web applications are compromised.
• Abusing Cookies
• Abusing Filesystems
• Abusing Input
• Abusing URLs
• Checklists: Essential things to check before deploying your web application into production.
• Generic
• Ruby
• Javascript
• Best Practices: A guide to the best practices when writing web applications.
• Validate User Input
• Dependency Checker
• Static analysis
• Secrets Management
• Access Controls
• Content Security Policy
• Environment Isolation
• Enforce HTTPS
• Logging
• Tools: Tools to help you write more secure web applications.
• Agnostic
• Java
• Javascript
• Python
• Ruby
• Tutorials
• SAML with Ruby

Tasks

• Read the fundamentals
• Work through the checklist for your platform
• Read the best practices
• Use the tool section as a resource