Monday, September 26, 2005

Security: How to break your own web application

Almost as bad as thinking 'nobody can break my web application' is to bury your head in the sand and think 'if I don't try and break it, then it must be working, right?'

The Open Web Application Security Project is a cold dose of reality - it documents what the bad guys already know, and what you should know to actively try and break your own website.

I haven't tried running any of these against any of the well-known Irish websites (for obvious reasons), but it would be interesting to see how many would pass these tests ... they even provide WebGoat, a piece of software to teach you how to find (and fix) security flaws (thanks John for the correction!).