[ Security for Web Developers ] :: 12: Mutillidae

Mutillidae

This is post 12 of 16 in the series “Security for Web Developers”. Using Mutillidae: Mutillidae is another pre-built vulnerable web app. It’s highly aligned with the OWASP testing organization (which can take you wildly deep into the world of web app testing). You can install it side-by-side with other web apps by simply putting …

[ Security for Web Developers ] :: 10: Defense Strategies

Strategic Defense Initiative

This is post 10 of 16 in the series “Security for Web Developers”. Security Strategy A: Put someone on it full-time. Do patching immediately. Monitor constantly and alert frequently. Review existing apps for correct security. Run a tight firewall. Run an IDS. See https://www.veracode.com/blog/2015/10/3-easy-steps-making-perfect-security-possible. Audit, audit, audit. Security Strategy B: Use a web scanning service …

[ Security for Web Developers ] :: 08: What Can Hurt You

Script Kiddies

This is post 8 of 16 in the series “Security for Web Developers”. What You Know Can Hurt You. What You Don’t Know Can Hurt You. Most so-called hackers are really just script kiddies: http://www.hackpconline.com/2010/05/painfully-computer-pranks.html. Most of the fruit is low-hanging: https://www.toptal.com/security/10-most-common-web-security-vulnerabilities. Real exploit developers who find real vulns go much deeper: http://blog.dewhurstsecurity.com/2013/04/17/http-form-password-brute-forcing-the-need-for-speed.html. Public and …