[LRUG] Security Talk Notes

Marc Wickenden marc at fuzz.io
Tue Apr 9 03:25:07 PDT 2013


On 9 Apr 2013, at 09:45, Najaf Ali <ali at happybearsoftware.com> wrote:

> For those of you that could make it, thanks for listening. You can find the content and links for the talk here:
> 
> http://happybearsoftware.com/lrug-web-app-security-talk.html
> 

Enjoyed it, thanks! Good to catch up in the bar after too.

> I didn't get a chance to talk much about further reading:
> 
> * Web Application Hacker's Handbook - As a web developer, you should probably read the first half and flick through the rest.
> * Cryptography Engineering - Explains a lot of cryptography stuff but I found it better for the mindset side of things. Very short and readable.

The WAHHv2 book is *the* bible as far as web app security testing is concerned. I highly recommend it (along with the Tangled Web book also mentioned on the list). The online labs which were talked about last night are at http://mdsec.net/ and again, they are very good but not very specific to Rails/Ruby.

I mentioned it to a few of you, but I'm working on a project which might be of interest when it comes to Ruby/Rails/Sinatra security and testing, and I hope to deliver a talk on it at LRUG in the near future.

Marc
