<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Getting Started in Security - Find Security Bugs</title>
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<link rel="shortcut icon" href="images/favicon.png">
<link href="//fonts.googleapis.com/css?family=Squada+One" rel="stylesheet" type="text/css"/>
<link href="css/bootstrap.css" rel="stylesheet" media="screen">
<link href="css/font-awesome.css" rel="stylesheet" media="screen">
<link href="css/fsb-custom-theme.css" rel="stylesheet" media="screen">
<link href="css/agency.css" rel="stylesheet" media="screen">
<link href="css/prism.css" rel="stylesheet" media="screen">
<!--[if lt IE 9]>
<script src="https://oss.maxcdn.com/html5shiv/3.7.2/html5shiv.min.js"></script>
<script src="https://oss.maxcdn.com/respond/1.4.2/respond.min.js"></script>
<![endif]-->
</head>
<body>
<!--<div class="navbar navbar-default navbar-fixed-top">-->
<div class="navbar navbar-expand-sm fixed-top navbar-dark bg-primary">
<div class="container">
<a class="navbar-brand" href="/">{<i class="fa fa-bug"></i>}<span style="display:none">Find Security Bugs</span></a>
<button class="navbar-toggler" type="button" data-toggle="collapse" data-target="#navbarResponsive" aria-controls="navbarResponsive" aria-expanded="false" aria-label="Toggle navigation">
<span class="navbar-toggler-icon"></span>
</button>
<div id="navbarResponsive" class="navbar-collapse collapse">
<ul class="nav navbar-nav">
<li class=''><a class="nav-link" href="/">Home</a></li>
<li class="dropdown active">
<a href="#" class="nav-link dropdown-toggle" data-toggle="dropdown" role="button" aria-expanded="false">How To <span class="caret"></span></a>
<ul class="dropdown-menu" role="menu">
<li class="dropdown-header">Use the plugin with..</li>
<li><a class="dropdown-item" href="tutorials.htm#Maven">Maven</a></li>
<li><a class="dropdown-item" href="tutorials.htm#Eclipse">Eclipse</a></li>
<li><a class="dropdown-item" href="tutorials.htm#NetBeans">NetBeans</a></li>
<li><a class="dropdown-item" href="tutorials.htm#IntelliJ">IntelliJ</a></li>
<li><a class="dropdown-item" href="tutorials.htm#Jenkins">Jenkins</a></li>
<li><a class="dropdown-item" href="tutorials.htm#Sonar">Sonar</a></li>
<li class="divider"></li>
<li class="dropdown-header">Knowledge base</li>
<li><a class="dropdown-item" href="security.htm">Getting started in security</a></li>
</ul>
</li>
<li class=''><a class="nav-link" href="bugs.htm">Bug Patterns</a></li>
<li class=''><a class="nav-link" href="download.htm">Download</a></li>
</ul>
<ul class="nav navbar-nav navbar-right ml-auto">
<li class=''><a class="nav-link" href="license.htm">License</a></li>
</ul>
</div><!--/.nav-collapse -->
</div>
</div>
<br/><br/>
<div class="container">
<div class="jumbotron jumbotron-ad hidden-print">
<h1><i class="fa fa-graduation-cap"></i> Knowledge base</h1>
New to web application security? Here are a few resources for getting started.<br/>
<i class="fa fa-warning"></i> Remember that learning computer security is a journey. Don't expect to be an expert within a year! ;)
</div>
</div>
<div class="container">
<section id="websites">
<h2 class="page-header">Websites</h2>
<p>
The following resources are excellent for learning about the various types of vulnerabilities.
Find Security Bugs will often reference these websites.
</p>
<ul>
<li>
<a href="http://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202013.pdf">OWASP Top 10 (2013 Edition)</a><br/>
The OWASP Top 10 is a list of ten high-level categories of vulnerabilities.
</li>
<li>
<a href="http://projects.webappsec.org/w/page/13246978/Threat%20Classification">WASC : Threat classification</a><br/>
A great list of specific vulnerability types. Some of the listed vulnerabilities do not apply to high-level programming languages such as Java (see Buffer Overflow and Format String).
</li>
<li>
<a href="https://www.owasp.org/index.php/OWASP_Java_Table_of_Contents">OWASP Java Project</a><br/>
Although the wiki is not mature, you may find information on more specialized topics.
</li>
<li>
<a href="https://cwe.mitre.org/data/graphs/888.html">Common Weakness Enumeration</a><br/>
Detailed database of vulnerability types.
</li>
<li>
<a href="https://www.google.com">Google</a>/<a href="https://www.bing.com">Bing</a><br/>
Don't limit yourself to general knowledge bases. If you are looking for specific information, you will find
valuable research papers, blog posts and articles online.
</li>
</ul>
</section>
<section id="books">
<h2 class="page-header">Books</h2>
<p>
<a href="#">
<img class="book-preview" border="0" src="https://images-na.ssl-images-amazon.com/images/I/51PGm-zmqKL._SL160_.jpg" >
The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws</a>
<br/><br/>
This book is all about black-box testing and developing an attacker's reflexes. It describes the different
vulnerabilities that can be found in web applications. The book is well structured.
The technical details can be useful for beginner and intermediate developers and hackers.
It is almost flawless, although you will probably be disappointed by the code review chapter if you are a well-rounded developer.<br/>
</p>
<div style="clear:both"> </div>
<p>
<a href="#">
<img class="book-preview" border="0" src="https://images-na.ssl-images-amazon.com/images/I/51lJcsg9-zL._SL160_.jpg" >
Iron-Clad Java: Building Secure Web Applications</a>
<br/><br/>
What sets this book apart is that it is not technology agnostic, and that is not a fault: it focuses
on Java applications, so its guidelines are more specialized.
</p>
<div style="clear:both"> </div>
<p>
<a href="#">
<img class="book-preview" border="0" src="https://images-na.ssl-images-amazon.com/images/I/619raTTMqYL._SL160_.jpg" >
Beginning Cryptography with Java</a>
<br/><br/>
If you are looking for a cryptography reference, this book focuses only on that topic. Its content is slightly dated
and does not cover some modern attack scenarios, but the book can still be useful if you want to quickly master the Java Cryptography API.
</p>
<div style="clear:both"> </div>
</section>
</div>
<br/><br/>
<footer id="footer" class="footer hidden-print">
<div class="container text-center">
<div>
Find Security Bugs 1.12.0
<span class="hide-xs">·</span>
Created by <a target="_blank" href="https://twitter.com/h3xstream">Philippe Arteau</a>
</div>
<div>
Licensed under <a href="license.htm">LGPL</a>
</div>
</div>
</footer>
<!-- jQuery (necessary for Bootstrap's JavaScript plugins) -->
<!--<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js"></script>-->
<!-- Include all compiled plugins (below), or include individual files as needed -->
<script src="js/jquery.min.js"></script>
<script src="js/bootstrap.min.js"></script>
<script src="js/fsb-custom.js"></script>
<script src="js/prism.js"></script>
<!-- Google Analytics -->
<script type="text/javascript">
var _gaq = _gaq || [];
_gaq.push(['_setAccount', 'UA-34839255-2']);
_gaq.push(['_trackPageview']);
(function () {
var ga = document.createElement('script');
ga.type = 'text/javascript';
ga.async = true;
ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
var s = document.getElementsByTagName('script')[0];
s.parentNode.insertBefore(ga, s);
})();
</script>
</body>
</html>