Web Security

Web Security encompasses attacks, bugs, vulnerabilities, and exploits on server-side and client-side web application logic and inherent vulnerabilities in web architecture.

Introduction

• http://pentest.cryptocity.net/web-hacking/
• The Open Web Application Security Project (OWASP)

Challenges

• Google Gruyere
• OWASP WebGoat
• Damn Vulnerable Web Application

Resources

• W3C Security
• Content Security Policy (CSP)
• HTTP Strict Transport Security (HSTS)
• [Cookies and their attributes] (http://en.wikipedia.org/wiki/HTTP_cookie)