Web Segura - Guia de Testes e Soluções

Written by Paco Hope
Wednesday, 23 December 2009 15:14

Our book has been translated into Portuguese by Alta Books, in Rio de Janeiro, Brazil. According to them:

Web Segura - Guia de Testes e Soluções
Systematic techniques for finding problems fast

Among the tests you run against web applications, security tests are perhaps the most important; yet they are often set aside. The recipes presented in Web Segura - Guia de Testes e Soluções show how developers and testers can check for the most common web security problems by running unit tests, regression tests, or exploratory tests. Unlike one-off security assessments, these recipes are repeatable, concise, and systematic, which makes them ideal for integration into your regular test suite. The recipes cover the basics, from observing the messages exchanged between clients and servers to multi-phase tests that script logins and exercise web application features. By the end of the book, you will be able to write tests aimed at Ajax functions and large multi-stage tests targeting the usual suspects: cross-site scripting and injection attacks. This book helps you to:
- Obtain, install, and configure useful (and free) security testing tools.
- Understand how your application communicates with its users, so that you can better simulate attacks in your tests.
- Choose among many different methods that mimic common attacks, such as SQL injection, cross-site scripting, and manipulation of hidden form fields.
- Make your tests repeatable by using the scripts and examples presented in the recipes as starting points for automated tests.
Don't live in constant fear of a late-night phone call telling you that your site has been broken into by a hacker. With Web Segura - Guia de Testes e Soluções and the free tools used in its examples, you can build security coverage into your test suite and sleep in peace.

Last Updated on Wednesday, 23 December 2009 15:19

Geek Humor: White Hat Hacker Man

Written by Paco Hope
Friday, 16 October 2009 13:50

I made a parody song that's mainly about computer security and the kind of work I do over at Cigital. It's called White Hat Hacker Man and it's to the tune of Billy Joel's Piano Man. Lyrics are below.

Last Updated on Friday, 16 October 2009 13:56

It's not the firewall, stupid

Written by Paco Hope
Thursday, 12 March 2009 15:12

My friends over at Sticky Minds picked up a UPI article about Norm Coleman's campaign office being hacked into. It's a summary of an original article in The Hill. For many years we've been fighting this knee-jerk security reaction that if it's a "security" issue, it must be a "firewall" issue. The difference between these two articles just underscores that point. The only "security" aspect of the UPI article is the fact that the word "firewall" is mentioned twice.

I can think of a thousand ways that a campaign headquarters could get breached that would not involve the firewall at all. In fact, if they're taking donations over the Internet, they're probably doing so using a server that physically resides in a data center somewhere, not at the campaign HQ. And if data did get sucked out of campaign HQ computers, it's most easily done by getting a staffer infected with a virus or some malware. Nobody, but nobody, beats down the firewall these days. They trick you into running something you shouldn't, or they attack your applications (e.g., the web server where contributions are accepted).

The Hill's article gets this right. At least they don't get it wrong. They present some facts and don't misrepresent anything. The UPI summary dwells on the firewall, however, when it has limited space available for the article. It leads the lay reader to the conclusion that firewall breaches (a) happen, (b) are relatively common, and (c) were likely in this case. I see (and apparently the FBI sees) no reason to think that's the case here.

Add N Edit Cookies for Firefox 3.5

Written by Paco Hope
Wednesday, 12 August 2009 14:41

The Add N Edit Cookies add-on for Firefox is a vital one for web security testing, but it tends to be maintained sporadically. The current version downloadable from addons.mozilla.org will tell you that it does not support Firefox 3.5. It turns out that it works fine in Firefox 3.5, if you modify it. Paco has modified the installation so that you can install it and use it in Firefox 3.5. Just click the download button.

Last Updated on Wednesday, 12 August 2009 14:45

Build Security In Maturity Model Released

Written by Paco Hope
Thursday, 05 March 2009 09:51

The Wall Street Journal ran a story about the Building Security In Maturity Model (BSIMM) by Gary McGraw, Brian Chess, and Sammy Migues (based on some prior work by Pravir Chandra). This model, which is free to download and use, aims to help organizations put security into all aspects of their software development lifecycle. There are several good security testing aspects to it, including fuzz testing and the kinds of security testing we advocate in the cookbook.

Last Updated on Wednesday, 11 March 2009 09:23