Web application security

You may need to do a quick third-party registration to access certain ones.

Articles

• Changes coming to the OWASP Top 10 in 2010
• Free Web proxy tools you need to get to know
• Securing Web servers in Windows environments
• Finding cross-site scripting (XSS) application flaws checklist
• Testing rich Internet applications: 2009's best free tools
  
• How often should I change the passwords for my bank and other important online accounts (a Women's Health magazine piece I contributed to)
• Web 2.0 application security troubleshooting, testing tutorial
• Essentials of static source code analysis for Web applications
• Web security problems: Five ways to stop login weaknesses
• Fixing four Web 2.0 input validation security mistakes
• Spotting rich Internet application security flaws with WebGoat
• Testing rich Internet applications for security holes [go to article]
• Is all the PCI DSS compliance whining and complaining justified? [go to article]
• Scoping your Web app security assessments for success [go to article]
• Common software security risks and oversights [go to article]
• The role of quality assurance pros in software security [go to article]
• Using the Firefox Web Developer extension to find security flaws [go to article]
• Cloud computing and application security: Issues and risks [go to article]
• Web application security gaps not fixed in 2008 [go to article]
• Five predictions for Web security trends and changes for 2009 [go to article]
• Ten Ways to Protect Your Web servers [go to article]
• Web Services: An overlooked entry point for attack [go to article]
• Cross-site Scripting 102 - How it actually works [go to article]
• AJAX Security - Is anyone listening? [go to article]
• The realities of using WAFs for PCI DSS 6.6 compliance [go to article]
• The realities of PCI DSS 6.6 application code reviews [go to article]
• Free tools that can improve IIS security
• Writing software requirements that address security issues
• Getting started with web application misuse cases
• The Essentials of Web Application Threat Modeling
• Web application hacking: Inside the mind of an attacker
• Cross-site scripting 101 - The essentials [go to article]
• Cracking passwords the Web application way [go to article]
• The Fallacy of SSL [go to article]
• How to get developers to buy into software security
• Eight reasons to do source code analysis on your web application
• What to do after penetration testing: source code analysis
• What to expect of a third party Web application security tester [go to article]
• What to look for in a Web application security testing tool
• Free web application security testing tools you need to get to know
• Software security tools to improve your skills in a single day
• Web application vulnerabilities you don't want to overlook
• Interpreting the Results of a Vulnerability Assessment: How to Focus on What’s Important in Your Web Application Security Testing
• Web application security testing checklist [go to article]
• Step-by-Step Guide: Securing Web Servers [go to article]

Webcasts

• Essential Elements of Web Application Penetration Testing
  In this webcast I show you how to maximize the value of your penetration testing efforts and the security of your Web applications. Just the essentials of what you need to know.

Podcasts

• Hacker-Proof Your Applications
• Web Security Basics for Physical Security Pros