Skip to content

ThisIsNotOfficialCodeItsJustForks/awesome-appsec

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

18 Commits
data
data
 
 
src
src
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

Awesome AppSec

A curated list of resources for learning about application security.

Maintained by Paragon Initiative Enterprises with contributions from the application security and developer communities.

Contributing

This README file is dynamically generated from the data/ directory. See src/compiler.php for more information.

The Awesome Application Security Readling List

General

Articles

How to Safely Generate a Random Number (2014)

Released: February 25, 2014

Advice on cryptographically secure pseudo-random number generators.

Salted Password Hashing - Doing it Right (2014)

Released: August 6, 2014

A post on Crackstation, a projecy by Defuse Security

A good idea with bad usage: /dev/urandom (2014)

Released: May 3, 2014

Mentions many ways to make /dev/urandom fail on Linux/BSD.

Books

Web Application Hacker's Handbook (2011)

Released: September 27, 2011

Great introduction to Web Application Security; though slightly dated.

Cryptography Engineering (2010)

Released: March 15, 2010

Develops a sense of professional paranoia while presenting crypto design techniques.

Websites

Hack This Site!

Learn about application security by attempting to hack this website.

Enigma Group

Where hackers and security experts come to train.

Web App Sec Quiz

Self-assessment quiz for web application security

SecurePasswords.info

Secure passwords in several languages/frameworks.

Security News Feeds Cheat-Sheet

A list of security news sources.

Open Security Training

Video courses on low-level x86 programming, hacking, and forensics.

Blogs

Crypto Fails

Showcasing bad cryptography

Wiki pages

OWASP Top Ten Project

The top ten most common and critical security vulnerabilities found in web applications.

PHP

Articles

It's All About Time (2014)

Released: November 28, 2014

A gentle introduction to timing attacks in PHP applications

Secure Authentication in PHP with Long-Term Persistence (2015)

Released: April 21, 2015

Discusses password policies, password storage, "remember me" cookies, and account recovery.

20 Point List For Preventing Cross-Site Scripting In PHP (2013)

Released: April 22, 2013

Padriac Brady's advice on building software that isn't vulnerable to XSS

25 PHP Security Best Practices For Sys Admins (2011)

Released: November 23, 2011

Though this article is a few years old, much of its advice is still relevant as we veer around the corner towards PHP 7.

PHP data encryption primer (2014)

Released: June 16, 2014

@timoh6 explains implementing data encryption in PHP

Useful libraries

defuse/php-encryption

Symmetric-key encryption library for PHP applications. (Recommended over rolling your own!)

ircmaxell/password_compat

If you're using PHP 5.3.7+ or 5.4, use this to hash passwords

ircmaxell/RandomLib

Useful for generating random strings or numbers

Websites

Blogs

Paragon Initiative Enterprises Blog

The blog of our technology and security consulting firm based in Orlando, FL

ircmaxell's blog

A blog about PHP, Security, Performance and general web application development.

Mailing lists

Securing PHP Weekly

A weekly newsletter about PHP, security, and the community.

About

A curated list of resources for learning about application security

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

4 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • PHP 100.0%