Jason Dean's Security Series
Jason over at 12Robots.com has been writing a really great series of articles about secure application development for quite some time. Since I haven't seen them all in one index, I threw up links to all the articles on this page.
- I'm starting a new series on Secure Application Development with ColdFusion
- 'What is Security?' and other important questions - Security Series #0
- Multiple Datasource - Security Series #1
- Securing Custom Tags and Include files - Security Series #2
- Password Security Intro - Security Series #3
- The Basics of Password Security - Security Series #4
- A Simple Password Strength Function - Security Series #4.1
- Password Security with Hashing Functions - Security Series #4.2
- Salting Passwords - Security Series #4.3
- Salting and Hashing Code Example - Security Series #4.4
- User Login with Salted and Hashed passwords - Security Series #4.5
- Password Security in ColdFusion Wrap up - Security Series # 4.6
- Verbose Error Messages - Security Series #5
- Session Security in ColdFusion - Sub-series Intro - Security Series #6
- Session Tokens in ColdFusion - Security Series #6.1 part 1
- Session Tokens in ColdFusion - Security Series #6.1 part 2
- Session Token Cookies, should we force them on our users - Security Series #6.2
- How Session Tokens are Compromised and ColdFusion Session Security Wrap Up - Security Series #6.3
- URL Session Tokens easily compromised - Security Series #6.4
- New Session on Login - Security Series #12.3.1 and #6.4.1
- Access Control Intro - Security Series #7
- Persistent XSS Attacks and Countermeasures in ColdFusion - Security Series #8
- Request Forgeries and ColdFusion - Security Series #9
- Enhancing ColdFusion Script Protection - Security Series #10
- Spoofing CGI Variables - Security Series #11
- mmmmMMmmmmmmm Cookies - Security Series #12
- Denial of Service - Security Series #13
I'm pretty sure I got them all from Jason's site, but if I didn't, just let me know in a comment.
