by kylequest
3967 days ago
SANS is a good resource for training material about security. They have a number of courses for "defenders" and "builders", including web security (e.g., DEV522: Defending Web Applications Security Essentials: https://www.sans.org/ondemand/course/defending-web-applicati... ). It's not free though :-)

Check out the AppSec conference videos (https://www.owasp.org/index.php/Category:OWASP_Video). You can find useful talks for "defenders" and "builders" there. For example, one of the first videos on their Vimeo channel (https://vimeo.com/appsecusa) is a talk by Douglas Crockford about securing JavaScript.

One of the biggest problems with the security information out there is that it's mostly geared towards "breakers" (and to a lesser degree "defenders"), but to change the state of security we need more (quality) information for "builders", so they can build more secure apps...

By the way, if you are a web app builder and you care about security, learn and use CSP (Content Security Policy). CSP is one of the most effective ways to deal with XSS attacks. Here's a place to get started: https://developer.mozilla.org/en-US/docs/Web/Security/CSP/In...