WebApp Sec mailing list archives

Web App Security, Testing Checklist, Protecting Passwords


From: Paul Johnston <paj () pajhome org uk>
Date: Sun, 3 May 2009 23:26:14 +0700

Hi,

I have just updated the security section of my web site; there are a
couple of pages that may interest people on this list:

A high-level overview of web application security:
http://pajhome.org.uk/security/web.html

Checklist for testing web apps:
http://pajhome.org.uk/security/webchecks.html

Also, for many years I have provided a JavaScript MD5 library. This
can be used to perform challenge-response authentication, protecting
passwords on sites that do not use SSL. I have recently approached
some of the main web frameworks, to encourage them to implement this
in their authentication library.
http://pajhome.org.uk/crypt/md5/

I'd welcome any comments on the above.

Best wishes,

Paul


