Slashdot Mirror


New Web Application Security Mailing List

An anonymous reader writes "For those slashdotters interested in web application security, WASC (Web Application Security Consortium) has created a new mailing list aptly named 'The Web Security Mailing List.' The list is open for discussing important topics such as new attack types and vulnerabilities, software development, solutions, application firewalls, web servers, database security, tools, etc."

4 comments

  1. not much discussion. . . by aoteoroa · · Score: 2, Informative

    but it still looks like a good source of information.

    I also use http://www.sans.org/newsletters/ to keep up to date.

    What other resources do people here use to make sure that your server applications are up to date?

    1. Re:not much discussion. . . by DrJonesAC2 · · Score: 1
      Yeah, slashdot has been dead all day when it comes to posts.

      This is the first list of this type that I have found. Any suggestions on good discussion boards for php related discussion of security issues?

    2. Re:not much discussion. . . by Anonymous Coward · · Score: 0

      The sans newsletter (mentioned above) includes a list of recent vulnerabilities in webapps. When the weekly email comes in I usually just scan the list and look for apps that I currently have in use, and if there's a problem I go to the program's web site to read more details.

      --aoteoroa

  2. Any good resources for the generalist? by hey! · · Score: 1

    I'm a database guy but over the years more and more of my work is getting dragged into the world of the web.

    I'm aware of the overall issues, but really what I haven't found yet is a good, comprehensive guide to securing web applications, particularly Java apps, with both theory and examples. Expertise either comes in the form of experienced consultants or open source frameworks with limited documentation.

    I've got Acegi on my list for evaluation; however, I like to have a good practical understanding of a problem domain before I turn to a framework to solve all my problems. I'd like to go through some of the work needed to implement parts of this using my own servlet filters first so I can understand the various abstractions created by the framework's authors better.

    --
    Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.