Web Security Resources


May 3, 2015

Here are some useful links to security resources:

  • OWASP Top 10 v.2013 – A list of the 10 Most Critical Web Application Security Risks.
  • OWASP: list of website security attacks
  • OWASP: list of website vulnerabilities
  • OWASP Development Guide – The OWASP Developer Guide 2014 is a dramatic re-write of one of OWASP’s first and most downloaded projects. The focus moves from countermeasures and weaknesses to secure software engineering. The Developer Guide 2014 is a «first principles» book - it’s not specific to any one language or framework, as they all borrow ideas and syntax from each other. There are highly specific issues in different languages, such as PHP configuration settings or Spring MVC issues, but we need to look past these differences and apply the basic tenets of secure system engineering to application security.
  • OWASP Testing Guide (version 4 PDF)
  • OWASP Enterprise Security API / ESAPI 2.x on GitHub – ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library that makes it easier for programmers to write lower-risk applications. The ESAPI libraries are designed to make it easier for programmers to retrofit security into existing applications. The ESAPI libraries also serve as a solid foundation for new development.
  • OWASP Resources on GitHub
  • Offensive Security Exploit Database Archive
  • CVE – CVE is a dictionary of publicly known information security vulnerabilities and exposures.
  • National Vulnerability Database – NVD includes databases of security checklists, security related software flaws, misconfigurations, product names, and impact metrics.
