Despite the goofy name, Security Ninja in the UK — the site’s subtitle is “Security News, Research & Guidance” — has some good resources for application security, and is a solid contribution to the discussion around application security that’s been growing over the last few years. The primary contributor to the Security Ninja site is a security analyst working with an application called Realex Payments.
At the Security Ninja site they’ve developed 8 secure development principles, which are:
- Input Validation
- Output Validation
- Error Handling
- Authentication and Authorization
- Session Management
- Secure Communications
- Secure Resource Access
- Secure Storage
While they dive into more detail on each of these topics, they are also posting a series of articles mapping each principle to features of the OWASP Enterprise Security API (ESAPI) project.
You can read the first posting regarding input validation using the OWASP ESAPI here: http://www.securityninja.co.uk/input-validation-using-the-owasp-esapi.
Libraries such as those OWASP provides are great resources; having real-life examples to work with makes them even more useful. I hope the Security Ninja continues the series, adding to the ongoing development of the AppSec body of knowledge.
Links:
