[ Security for Web Developers ] :: 12: Mutillidae

Mutillidae

Using Mutillidae

Mutillidae is another pre-built vulnerable web app. It’s highly aligned with the OWASP testing organization (which can take you wildly deep into the world of web app testing). You can install it side-by-side with other web apps by simply putting it in a separate sub-folder. (How does mutillidae/ sound for a name?)

Assignment: …

[ Security for Web Developers ] :: 10: Defense Strategies

Strategic Defense Initiative

Security Strategy A: Put someone on it full-time. Do patching immediately. Monitor constantly and alert frequently. Review existing apps for correct security. Run a tight firewall. Run an IDS. See https://www.veracode.com/blog/2015/10/3-easy-steps-making-perfect-security-possible. Audit, audit, audit.

Security Strategy B: Use a web scanning service or plugin. Does your hosting provider offer a website monitoring service? (For instance, …

[ Security for Web Developers ] :: 08: What Can Hurt You

Script Kiddies

What You Know Can Hurt You. What You Don’t Know Can Hurt You.

Most so-called hackers are really just script kiddies: http://www.hackpconline.com/2010/05/painfully-computer-pranks.html. Most of the fruit is low-hanging: https://www.toptal.com/security/10-most-common-web-security-vulnerabilities. Real exploit developers who find real vulns go much deeper: http://blog.dewhurstsecurity.com/2013/04/17/http-form-password-brute-forcing-the-need-for-speed.html. Public and private groups share information (unfortunately, not to an equal degree) about newly discovered …

[ Security for Web Developers ] :: 07: Tamper Data

Security Testing With Tamper Data

Tamper Data

Here’s a more sophisticated tutorial:

Assignment: Test your site security

Install Tamper Data in Firefox on a suitable computer. Now visit your site and find what you can tamper with. Particularly tinker with pages with forms, especially if you use hidden fields. You can also try it out on Hack This Site (https://www.hackthissite.org/pages/index/index.php), …