News from Web应用观察站 (Web Application Observatory); the tool is written in C#.

———————

Watcher version 1.3.0 released February 25, 2010

by Casaba Security, contact us through CodePlex, or email us through watcher at casabasecurity .com.

Frequently Asked Questions:
Answers to common questions are on the FAQ page.

Contents

Download
Background
Prior Work
Reviews
User Interface and Reporting
Installation
Configuration and Usage
Compliance with OWASP
Checks and how they work
Creating and Contributing Checks


Web security mind map

Source: http://twitter.com/g1gg13

I saw this over at Baoz's; it comes from H3C, original here. Although it is an advertisement, it does introduce some basic knowledge.

The Web security threat landscape is severe

With the release of the latest monitoring and analysis report from the National Internet Emergency Center (CNCERT), one alarming figure has drawn attention from all sides: "From January 4 to 10, 178 government websites within the country were defaced, a 409% increase over the previous week, and their share of all defaced domestic websites also rose sharply to 31%." It is not only government sites: in recent years attacks on all kinds of websites have occurred frequently, including SQL injection, web page defacement, information theft, and even sites being used as carriers for spreading Trojans. The Web security threat landscape grows more severe by the day; where should Web security protection go from here?

Root-cause analysis of Web security threats

Security incidents on websites occur frequently, and tracing them to their root there are two key causes: first, the website itself has technical security vulnerabilities and hidden risks; second, the relevant protective devices and protective measures are lacking.


Why Web-Application Security is Important

After the discussion about my last post and my omission of appsec, I wanted to make up for it not being in the list. Certainly, application security is important and as pointed out, I should have added it to the list of primary concerns for organizations.

By now, I hope everyone understands that attacks like SQL injection, cross-site scripting and the rest of the OWASP top 10 can have devastating effects. Often, when these vulnerabilities come into play, data loss soon follows.


From: 80sec

A talk given at the Tencent 2009 Security Summit

Hacking web architecture for fun and profit.ppt

It represents a good many of 80sec's views.

From: WEB应用观察站 (Web Application Observatory)

Good material for in-depth study of IIS, from Microsoft; recommended careful reading. It is of great reference value for both Web application development and Web security. These files have been sitting in a folder on my hard drive and I often refer to them when studying the Web; now I am sharing them with everyone. :)

Download:

IIS_6_Resource_Kit_eBook_PDF.zip (PDF format, size: 10M)

IIS_6_Resource_Kit_eBook_CHM.zip (CHM format, size: 5M)

IIS_6_Resource_Kit_eBook_DOC.zip (Word format, size: 14M)

IIS_7.0_Resource_Kit_Book.pdf.zip (PDF format, size: 14M)


Web Application Firewall

From: Baoz

A web application firewall (WAF) is an appliance, server plugin, or filter that applies a set of rules to an HTTP conversation. Generally, these rules cover common attacks such as Cross-site Scripting (XSS) and SQL Injection. By customizing the rules to your application, many attacks can be identified and blocked. The effort to perform this customization can be significant and needs to be maintained as the application is modified.

A far more detailed description is available at Wikipedia.
