4

Possible Duplicate:
Resources to learn about security

I'd like to get a good understanding of modern issues in web security and get insight into what it takes to keep your sites and services secure. I'm thinking of concepts like SSL, certificates, threat modeling, authorization/authentication and many many others. I'd also like to understand it both from the point of view of the person implementing the software (I'm a software engineer myself) and the person maintaining it after deployment.

I will most likely not need to go extremely deep technically into the individual issues, but breadth is certainly important as far as anything on the web is concerned.

I know that every area of software has its core texts and resources, and I was hoping that you security professionals would be generous enough to share your domain specific resources with me so I can ramp up and gain a good understanding of the field!

Community
  • 1
glitch
  • 529
  • 4
  • 5

2 Answers2

7

OWASP, the Open Web Application Security project, maintains a top 10 list of vulnerabilities. It's available in PDF form.

That can be a good starting point for understanding, at a high level. "The OWASP Guide to Building Secure Web Applications and Web Services" explains how web applications can be exploited and how they can be designed for robustness.

Mike Samuel
  • 3,873
  • 18
  • 25
2

US-CERT maintains a site Build Security In which advocates attention to security at all stages of systems engineering. They have some great articles on best practices and general knowledge that engineers should be aware of. If you're looking for breadth, check out their Security Principles which are generic concepts that secure systems should abide by.

Travis Christian
  • 121
  • 3