The Centre for the Protection of National Infrastructure (CPNI) has published today the Technical Note on developing secure web applications that I prepared a few months ago.
Among the topics covered are:
- Introduction to web application security
- General aspects of web application security
- Access handling
- Injection flaws
- Thick-client security
- Preparing the infrastructure
Tony Dorrell and Greg Jenkins’ invaluable contributions have ensured the technical quality and high standards of the document.
Here is the guide, hope you enjoy it:
Comments and feedback are welcomed (you can also find me in Twitter: @etdsoft)