The original OWASP Guide has become a staple for many web security professionals. Since 2002, the initial version has been downloaded over 2 million times. Today, the Guide is referenced by many leading government, financial, and corporate standards and is the gold standard for web application security.
Book Description
This guide is aimed at architects, developers, consultants and auditors and is a comprehensive manual for designing, developing and deploying secure web applications.
The Open Web Application Security Project (OWASP) is an open community dedicated to enabling organizations to develop, purchase, and maintain applications that can be trusted. All of the OWASP tools, documents, forums, and chapters are free and open to anyone interested in improving application security. We advocate approaching application security as a people, process, and technology problem, because the most effective approaches to application security include improvements in all of these areas.
Table of Contents
- What Are Web Applications?
- Security Architecture And Design
- Policy Frameworks
- Secure Coding Principles
- Threat Risk Modeling
- Handling E-Commerce Payments
- Phishing
- Web Services
- Authentication
- Authorization
- Session Management
- Data Validation
- Interpreter Injection
- Canonicalization, Locale And Unicode
- Error Handling, Auditing And Logging
- File System
- Buffer Overflows
- Administrative Interfaces
- Cryptography
- Configuration
- Maintenance
- Denial Of Service Attacks
- PHP Guidelines
- Cheat Sheets