WebApp Sec mailing list archives
RE: Secure coding techniques
From: "Andrew van der Stock" <vanderaj () greebo net>
Date: Thu, 3 Feb 2005 20:30:50 +1100

I'm working on a new version of the OWASP Guide. It has reasonable guidance on issues which affect most platforms, including J2EE. It will have J2EE samples in it on how to mitigate these issues, but does not currently do so.

Jeff Williams and I were working on a J2EE Guide, but I feel that potentially with the improved OWASP Guide, maybe this effort is not as useful as it otherwise might be. If you feel like you want to work on this, we have about 50 pages done on that J2EE Guide. As long as you wish to contribute back to the OWASP project, I'd be happy to send a copy your way (it's really rough!). If you want it, I'll get you to talk to Jeff about becoming an author, so you can update your project pages and check in new versions on SourceForge.

Thanks,
Andrew

-----Original Message-----
From: _kiss_ [mailto:smcsoc () yahoo es]
Sent: Tuesday, 1 February 2005 8:51 AM
To: 'webappsec () securityfocus com'
Subject: Secure coding techniques

Hi all,

I am currently involved in a project that deals with defining a secure development policy for a development team. They are using Apache/Tomcat/Oracle with Java Servlets/JSP technology. I have found some documents about common issues (which I knew from previous audits), but I would like to know if there is currently a compendium of secure coding techniques in these programming languages, I mean, a document that is more defense-centric than attack-centric.

Hope you can help me. Thanks in advance.