WebApp Sec mailing list archives

New Whitepaper available on security best practices


From: <webappsec () technicalinfo net>
Date: Mon, 31 Jan 2005 18:18:33 +0000

Hello List,

Driven by multiple requests to provide some kind of guidance on what
constitutes "best security practice", I've created a whitepaper focusing on
host naming and URL conventions.  I've found that by following these simple
principles the avenue for attack on many Internet-based applications is
greatly limited.

I'm planning on releasing a number of new whitepapers this year focusing on
plain-English explanations and advice on best security practices --
primarily dealing with web-app security.  I'd welcome any suggestions on
other topics "industry" would like covered in more detail.

The paper is available at:
http://www.ngssoftware.com/papers/NISR-BestPracticesInHostURLNaming.pdf

Abstract:
A consideration often neglected by many organisations when rolling out new
servers or developing web-based applications that will be accessible by
Internet clients and customers is that of host and URL naming conventions.
There are a number of simple steps that can be taken to strengthen the
security of an environment or application making it more resilient to
several popular attack vectors. By understanding how an attacker can abuse
poorly thought out naming conventions, and by instigating a few minor
changes, it is possible to positively increase the defence-in-depth stature
of an environment.

Cheers,

Gunter Ollmann

