Secure Programming

General

Clickjacking

Parameter Manipulation

XSS & CSRF

Sessions

Tools

  • Charles
    HTTP proxy/monitor and reverse proxy that lets a developer view and manipulate all HTTP/HTTPS traffic between their machine and the Internet, including both requests and responses.
  • x5s
    A plug-in for Fiddler that automatically checks a site for XSS weaknesses.
  • SQL Map, a SQL injection tool
    A tool to test web applications for SQL injection.
  • fuzzdb
    Even though it is not a tool in itself, I think it is a good way to check your application against known attacks, because fuzzdb is a collection of known attack payloads against web applications and can be fed into open source (fuzzing) scanners. Under Linux there are, for example, fuzz, wapiti or zzuf.
  • the mole
    The Mole is an automatic SQL injection scanner. Unfortunately it is still only in beta.
  • wapiti, web application vulnerability scanner / security auditor
    A command line tool (written in Python) to check web applications for security weaknesses.
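To show how a payload collection like fuzzdb is actually used by a scanner (and how a canary-based reflection check of the kind x5s performs works), here is an added example that is not part of this page and not code from the fuzzdb, x5s or wapiti projects. The payload list, the `vulnerable_search` and `hardened_search` endpoints, and the `CANARY` marker are all constructed for the example; a real scanner would read the payloads from the fuzzdb files and send them over HTTP.

```python
import html
from urllib.parse import parse_qs, urlencode

# Constructed payload list in the style of a fuzzdb XSS wordlist (not the real
# fuzzdb files); a real scanner would load these from the fuzzdb repository.
XSS_PAYLOADS = [
    '<script>alert(1)</script>',
    '"><img src=x onerror=alert(1)>',
    "'><svg/onload=alert(1)>",
    '<iframe src="javascript:alert(1)">',
]

# Marker wrapped around each payload so that a reflection in the response can be
# attributed to the probe that caused it (the same idea as x5s canary probes).
CANARY = "fzdb7"


def vulnerable_search(query_string: str) -> str:
    """Constructed vulnerable endpoint: echoes ?q= into HTML without encoding."""
    q = parse_qs(query_string).get("q", [""])[0]
    return f"<html><body><h1>Results for {q}</h1></body></html>"


def hardened_search(query_string: str) -> str:
    """Same endpoint with HTML output encoding applied before interpolation."""
    q = parse_qs(query_string).get("q", [""])[0]
    return f"<html><body><h1>Results for {html.escape(q, quote=True)}</h1></body></html>"


def fuzz_parameter(app, param: str, payloads) -> list:
    """Send every payload in `param` and return those reflected verbatim.

    `app` stands in for the HTTP round trip: it takes the URL-encoded query
    string and returns the response body. A payload counts as a finding only if
    the whole canary-wrapped probe comes back unchanged, i.e. unencoded.
    """
    findings = []
    for payload in payloads:
        probe = f"{CANARY}{payload}{CANARY}"
        response = app(urlencode({param: probe}))
        if probe in response:
            findings.append(payload)
    return findings


if __name__ == "__main__":
    print("vulnerable:", fuzz_parameter(vulnerable_search, "q", XSS_PAYLOADS))
    print("hardened:  ", fuzz_parameter(hardened_search, "q", XSS_PAYLOADS))
```

Against the unencoded endpoint every payload is reported; against the encoded one none is, because `html.escape` turns the `<` in each probe into `&lt;` and the canary-wrapped probe no longer appears verbatim. Matching on the full wrapped probe rather than on the bare payload avoids false positives from pages that happen to contain a common string such as `alert(1)`.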

Articles

Notices

  • This link collection is just a short introduction to the topic of secure programming, especially for web applications.
  • I would like to receive suggestions for further websites on this topic.