Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Quick intro to auditing web applications. - SANS Internet Storm Center SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Quick intro to auditing web applications.
Last time I taught the web application security workshop, students asked for a brief guide to assess their own web applications for common problems. So I sat down and wrote up a little paper outlining how I typically go about when I try to take a quick look at a web application. Sadly, while this is a very quick and incomplete "audit", many web apps I am asked to look at fail.

For the complete article see: .
(While you are there... take a look at the Leadership and Security lab links at the top of the page for more articles)

And for all ISC/ DShield users: I will be in San Diego in two weeks to teach the Linux/Apache/MySQL/PHP class. If you happen to be at SANS 2007: We will probably have a BoF session. Watch the announcements for details.I will be teaching next: Application Security: Securing Web Apps, APIs, and Microservices - SANSFIRE 2022


4511 Posts
ISC Handler
Mar 22nd 2007

Sign Up for Free or Log In to start participating in the conversation!