WebApp Sec mailing list archives

AppSec FAQ at OWASP


From: "Sangita Pakala" <sangita.pakala () paladion net>
Date: Wed, 28 Jan 2004 19:52:56 +0530

Hi,
 
The OWASP site has published a new Appsec FAQ that answers common
questions on web application security. The lively discussions in this
mailing list were the inspiration for the FAQ. You can read the FAQ at:
http://www.owasp.org/documentation/appsecfaq

The current version has sections on SQL Injection, XSS, Login Issues,
Browser Cache etc. It includes questions like:

Is it really required to redirect the user to a new page after login?
Why can't I trust the information coming from the browser?
How can the browser cache be used in attacks?
Are Java servlets vulnerable to SQL injection?
How can my "Forgot Password" feature be exploited? 

As with all other OWASP initiatives, we'd like your participation to
improve this FAQ.  Please send your suggestions to owasp () owasp org with
subject "OWASP AppSec FAQ".
 

Thanks to the OWASP team and especially Mark Curphey, David Raphael and Ben
Poweski for helping us bring the FAQ online.
  

Regards,
Sangita
 
Sangita Pakala
Paladion Networks
http://www.paladion.net


P.S.- Just resending it in plain text, Mark.



