Dear Master Monks,
What techniques and tools do you employ when testing your web applications for security?
I am currently researching techniques/tests for securing an application we are working on (which I think can be applied to any language, and not just Perl) and I think I have found the Top Ten most common methods of breaching security, as listed by the Open Web Application Security Project, namely:
- Unvalidated Input
- Broken Access Control
- Broken Authentication and Session Management
- Cross Site Scripting (XSS) Flaws
- Buffer Overflows
- Injection Flaws
- Improper Error Handling
- Insecure Storage
- Denial of Service
- Insecure Configuration Management
A few of my random thoughts:
- A lot of big names (bottom of page) use the Top Ten
- The OWASP Guide looks pretty concise at 293 pages
- I wonder if these tests have to be site specific, or could they be generalised to test a host of sites, and turned into a tool? (No malicious use intended)
- Should nmap and Nessus be in the tool list? I think they are part of the whole approach, but not really geared towards your code.
- There is also the paid-for Security Services of Netcraft's audit, among others.
- The Open Web Application Security Project's AppSec FAQ looks very helpful too, as well as a few pointers related to PHP (which I think can be applied to any code).
- Have I missed any tools on the CPAN?
- Should I adhere to the ISO 17799 standard?
There are a few techniques listed in An Introduction to Security Testing with Open Source Tools, but I am pretty sure most of you must have been involved with doing this at some stage, and could give me some pointers?
So, my parting question is, "Where do I start?"
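As an added illustration of what "testing for the Top Ten" can look like at the code level (this is not code from the original post or from OWASP), the following Test::More script exercises a hypothetical input-validation and output-encoding layer against constructed hostile inputs of the kind behind the Unvalidated Input, XSS and Injection categories listed above. The validators, `html_safe`, `lookup_user_sql` and all sample inputs are assumptions made for the example; only `strict`, `warnings` and the core `Test::More` are needed, so it runs with `prove -v validate.t`.

```perl
#!/usr/bin/perl
# Added example, not from the original post: a small Test::More suite that
# probes a hypothetical validation layer with constructed hostile inputs
# drawn from the OWASP categories discussed above (unvalidated input,
# XSS, injection). Run with: prove -v validate.t
use strict;
use warnings;
use Test::More;

# Allow-list validators: accept only the shape the application needs.
# \A and \z anchor to the absolute string ends; $ would accept "bob\n".
sub valid_username {
    my ($u) = @_;
    return defined $u && $u =~ /\A[a-z0-9_]{3,16}\z/;
}

sub valid_quantity {
    my ($q) = @_;
    return defined $q && $q =~ /\A[1-9][0-9]{0,3}\z/;   # 1..9999 only
}

# Output encoding for anything reflected into HTML (hypothetical helper).
sub html_safe {
    my ($s) = @_;
    my %e = ('&' => '&amp;', '<' => '&lt;', '>' => '&gt;',
             '"' => '&quot;', "'" => '&#39;');
    $s =~ s/([&<>"'])/$e{$1}/g;
    return $s;
}

# Placeholder-based SQL: the value never becomes part of the SQL text.
# Returns the (statement, bind values) pair a DBI caller would hand to
# prepare/execute; validation happens before the query is even built.
sub lookup_user_sql {
    my ($username) = @_;
    die "invalid username\n" unless valid_username($username);
    return ('SELECT id FROM users WHERE name = ?', [$username]);
}

# Constructed hostile inputs, keyed by what they probe.
my %reject = (
    'SQL injection payload' => "alice'; DROP TABLE users;--",
    'script tag'            => '<script>alert(1)</script>',
    'trailing newline'      => "bob\n",
    'oversized input'       => 'x' x 5000,
    'empty string'          => '',
    'undef'                 => undef,
);
my @accept = qw(alice bob_42 user123);

ok( valid_username($_), "accepts '$_'" ) for @accept;
ok( !valid_username($reject{$_}), "rejects $_" ) for sort keys %reject;

ok(  valid_quantity('42'),        'quantity 42 accepted' );
ok( !valid_quantity('-1'),        'negative quantity rejected' );
ok( !valid_quantity('1e9'),       'scientific notation rejected' );
ok( !valid_quantity('10 OR 1=1'), 'injection-shaped quantity rejected' );

is( html_safe('<b onmouseover="x()">hi</b>'),
    '&lt;b onmouseover=&quot;x()&quot;&gt;hi&lt;/b&gt;',
    'HTML metacharacters are encoded before reflection' );

my ($sql, $binds) = lookup_user_sql('alice');
like( $sql, qr/\?/,                 'query uses a bind placeholder' );
is_deeply( $binds, ['alice'],       'value travels out of band as a bind' );
ok( !eval { lookup_user_sql("alice'--"); 1 },
    'hostile username dies before any SQL is built' );

done_testing();
```

The point of writing these as regression tests rather than one-off manual probes is that each Top Ten category turns into a named assertion that runs on every change: when someone later loosens `valid_username` to a `$`-anchored pattern, the "trailing newline" case fails immediately instead of surfacing in a later audit.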