Websites
The following resources are excellent for learning about the various types of vulnerabilities.
Find Security Bugs will often reference these websites.
- OWASP Top 10 (2013 Edition)
  The OWASP Top 10 is a list of 10 high-level categories of vulnerabilities.
- WASC: Threat Classification
  A great list of specific vulnerability types. Some of these vulnerabilities do not apply to high-level programming languages such as Java (see Buffer Overflow and Format String).
- OWASP Java Project
  Although the wiki is not mature, you will possibly find information on more specialized topics.
- Common Weakness Enumeration
  A detailed database of vulnerability types.
- Google/Bing
  Don't limit yourself to general knowledge bases. If you are looking for specific information, you will find
  valuable research papers, blog posts and articles online.
Books
The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws
This book is all about black-box testing and gaining an attacker's reflexes. The book is well structured.
The technical details can be useful for beginner and intermediate developers/hackers.
It is almost flawless. You will probably be disappointed by the code review chapter if you are a well-rounded developer.
Iron-Clad Java: Building Secure Web Applications
The particularity of this book is that it isn't technology agnostic. That's not a fault. It means that the book focuses
on Java applications. The guidelines are therefore more specialized.
Beginning Cryptography with Java
If you are looking for a cryptography reference, this book focuses only on that topic. The content of the book is slightly dated.
It doesn't cover some modern attack scenarios. This book can still be useful if you want to quickly master the Java Cryptography API.