A Guide to Building Secure Web Applications

The Open Web Application Security Project

Authors:
    Mark Curphey (The Open Web Application Security Project)
    David Endler (iDefense)
    William Hau, Steve Taylor (Predictive Solutions)
    Tim Smith (The Open Web Application Security Project)
    Alex Russell (OWASP Filters project, SecurePipe Inc, netWindows.org)
    Gene McKenna
    Richard Parke
    Kevin McLaughlin

Contributors:
    Nigel Tranter (ntranter@aol.com)
    Amit Klein (amit@sanctuminc.com)
    Dennis Groves (dwg@mac.com)
    Izhar By-Gad (ibargad@sanctuminc.com)
    Sverre Huseby (shh@thathost.net)
    Martin Eizner
    Michael Hill (msh@qadas.com)
    Roy McNamara (roymc@globalnet.co.uk)

A Guide to Building Secure Web Applications, by Mark Curphey, David Endler, William Hau, Steve Taylor, Tim Smith, Alex Russell, Gene McKenna, Richard Parke and Kevin McLaughlin.

Published Sun Sep

Copyright © by The Open Web Application Security Project (OWASP). All rights reserved.

Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version or any later version published by the Free Software Foundation.

Table of Contents

I. A Guide to Building Secure Web Applications
    Introduction
        Foreword
        Overview
        What Are Web Applications?
        What Are Web Services?
        How Much Security Do You Really Need?
    Security Guidelines
        Validate Input and Output
        Fail Securely (Closed)
        Keep it Simple
        Use and Reuse Trusted Components
        Defense in Depth
        Only as Secure as the Weakest Link
        Security By Obscurity Won't Work
        Least Privilege
        Compartmentalization (Separation of Privileges)
    Architecture
        General Considerations
    Authentication
        What is Authentication?
    Managing User Sessions
        Cookies
        Session Tokens
        Session Management Schemes
        SSL and TLS
    Access Control and Authorization
        Discretionary Access Control
        Mandatory Access Control
        Role Based Access Control
    Event Logging
        What to Log
        Log Management
    Data Validation
        Validation Strategies
        Never Rely on Client-Side Data Validation
        Preventing Common Problems
            The Generic Meta-Characters Problem
            Attacks on The Users
            Attacks on the System
            Parameter Manipulation
            Miscellaneous
    Privacy Considerations
        The Dangers of Communal Web Browsers
        Using personal data
        Enhanced Privacy Login Options
        Browser History
    Cryptography
        Overview
        Symmetric Cryptography
        Asymmetric or Public Key Cryptography
        Digital Signatures
        Hash Values
        Implementing Cryptography
II. Appendixes
    A. GNU Free Documentation License
        PREAMBLE
        APPLICABILITY AND DEFINITIONS
        VERBATIM COPYING
        COPYING IN QUANTITY
        MODIFICATIONS
        COMBINING DOCUMENTS
        COLLECTIONS OF DOCUMENTS
        AGGREGATION WITH INDEPENDENT WORKS
        TRANSLATION
        TERMINATION
        FUTURE REVISIONS OF THIS LICENSE
        How to use this License for your documents

Chapter: Introduction

Foreword

We all use web applications every day, whether we consciously know it or not. That is, all of us who browse the web. The ubiquity of web applications is not always apparent to the everyday web user. When one visits cnn.com and the site automagically knows you are a US resident and serves you US news and local weather, it's all because of a