Security Resources

The Web Application Hacker’s Handbook: Finding and Exploiting Security Flaws

The Web Application Hacker’s Handbook is a good general introduction to web security and the steps you should take when looking for security flaws, which are summarised quite well by an image in the final chapter.


Secure Code Lessons from Have I Been Pwned

This is a fascinating podcast episode with Troy Hunt from Have I Been Pwned which covers topics such as the Nissan Stack Overflow code reuse, the Ashley Madison data breach, the We-Vibe spying vibrator, Cloudflare and 1Password.

Some thoughts on security after ten years of qmail 1.0

  1. Don’t chase attackers.
  2. The principle of least privilege is a distraction.
  3. Security is more important than speed.
  4. Reduce the bug rate.
  5. Eliminate code.
  6. Think about the Trusted Code Base. 

I discovered a browser bug

This is a reasonably short post about how the (not fully standardised) Range header and no-CORS requests interacted to cause problems, along with a longer rant on Microsoft’s handling of the issue.

General Notes

