Building and Running Secure Web and Mobile Apps
Web development is hard. Secure web development is harder. Running applications on the internet without security incidents is almost impossible.
A non-exhaustive list of infrastructure services that you rely on for running any website.
The following are references for the talk given at Microsoft Ventures Accelerator on 28th April 2015.
References
General
Security News
Fundamentals
Tools
DNS Recon
DirBuster
wfuzz
fuzzdb
Web app URLs default list
cewl
Concepts
OWASP
OWASP Top 10
OWASP A1 Injection
OWASP A3 Cross Site Scripting
- XSS
- Apache.org incident report
- XSS to root in Apache Jira incident
- Apache.org compromised through XSS
- Ubuntu Forums Hacked
- 1.82 Million Usernames stolen in Ubuntu Hack
OWASP A4 Insecure Direct Object Reference
OWASP A8 Cross Site Request Forgery
- Cross Site Request Forgery
- Dlink routers vulnerable to DNS hijacking
- Gmail CSRF vulnerability
- All your clouds are belong to us