[LRUG] Security Talk Notes
marc at fuzz.io
Tue Apr 9 03:25:07 PDT 2013
On 9 Apr 2013, at 09:45, Najaf Ali <ali at happybearsoftware.com> wrote:
> For those of you that could make it, thanks for listening. You can find the content and links for the talk here:
Enjoyed it, thanks! Good to catch up in the bar after too.
> I didn't get a chance to talk much about further reading:
> * Web Application Hackers Handbook - As a web developer, you should probably read the first half and flick through the rest.
> * Cryptography Engineering - Explains a lot of cryptography stuff but I found it better for the mindset side of things. Very short and readable.
The WAHHv2 book is *the* bible as far as web app security testing is concerned. I highly recommend it (along with the Tangled Web book also mentioned on the list). The online labs which were talked about last night are at http://mdsec.net/ and again, they are very good but not very specific to Rails/Ruby.
I mentioned this to a few of you, but I'm working on a project which might be of interest when it comes to Ruby/Rails/Sinatra security and testing, and I hope to deliver a talk on it at LRUG in the near future.