User:Benfellows

2008-02-25T17:13:44Z

Benfellows:

Hi, my name is Ben Fellows. I work as an IT Security Risk Consultant for [http://www.ey.com/global/content.nsf/International/AABS_-_RAS_-_TSRS Ernst & Young's Technology and Security Risk Services] group, under the Risk Advisory Services umbrella, here in Denver, CO. Drop me a line, I would love to chat.
{{user new message|Benfellows}}

User:Benfellows

2008-02-22T19:34:49Z

Benfellows: adding new message template

Hi, my name is Ben Fellows. I work as an IT Security Risk Consultant for [http://www.ey.com/global/content.nsf/International/AABS_-_RAS_-_TSRS Ernst & Young's Technology and Security Risk Services] group, under the Risk Advisory Services umbrella. Drop me a line, I would love to chat.
{{user new message|Benfellows}}

Template:User new message

2008-02-22T19:33:59Z

Benfellows: fix

<div style="align: center; padding: 1em; border: solid 1px {{{bordercolor|#1874cd}}}; background-color: {{{color|#d1eeee}}};">
<center>'''Please click <span class="plainlinks">[{{fullurl:User_talk:{{{name|{{PAGENAME}}}}}|action=edit&section=new}} <font color="002b88">here</font>]</span> to leave me a new message.'''</center></div>
<noinclude>
<br>Add this to your page using the following code: '''<code>{{user new message|color=''COLOR OF BOX''|bordercolor=''COLOR OF BORDER''|name=''USERNAME''}}</code>'''. If you do not include the ''color'', ''bordercolor'' and ''name'' parameters, the background and border will by default take the blue colour, as displayed here, and the name as the '''<code>{{{PAGENAME}}}</code>'''
</noinclude>

Template:User new message

2008-02-22T19:33:10Z

Benfellows: creating template

User talk:Benfellows

2008-02-22T19:32:21Z

Benfellows: New page: <noinclude>{{user new message|name=Benfellows}} </noinclude>

<noinclude>{{user new message|name=Benfellows}}
</noinclude>

User:Benfellows

2008-02-21T23:24:20Z

Benfellows: wikify

User:Benfellows

2008-02-21T23:22:03Z

Benfellows: creating page

Hi, my name is Ben Fellows. I work as an IT Security Risk Consultant for Ernst & Young's Risk Advisory Services. Drop me a line, I would love to chat.

Guia Tabla de Contenido

2008-02-21T23:05:58Z

Benfellows: /* Policy Frameworks */ - two quick translations

=[[Guía Portada|Portada]]=
#Dedicación
#Derechos de autor y licencia
#Editores
#Autores y críticos
#Historia de revisiones
=[[Acerca del Open Web Application Security Project]]=
#Estructura y licenciamiento
#Participación y afiliación
#Proyectos

=[[Guía Introducción| Introducción]]=
#Desarrollando aplicaciones seguras
#Mejoras en esta edición
#Como usar la guía
#Actualizaciones y errata
#Agradecimientos
=[[¿Qué son las aplicaciones web?]]=
#Tecnologías
#La primera generación – CGI
#Filtros
#Scripting
#Web application frameworks – J
#Aplicaciones de pequeña y mediana escala
#Aplicaciones de gran escala
#Vista
#Controlador
#Modelo
#Conclusiones

=[[Armazón de Reglas]]=
#Organizational commitment to security
#Lugar de OWASP al mesa de Armazónes
#Development Methodology
#Coding Standards
#Source Code Control
#Summary

=[[Secure Coding Principles]]=
#Asset Classification
#About attackers
#Core pillars of information security
#Security Architecture
#Security Principles
=[[Threat Risk Modeling]]=
#Threat Risk Modeling
#Performing threat risk modeling using the Microsoft Threat Modeling Process
#Alternative Threat Modeling Systems
#Trike
#AS/NZS
#CVSS
#OCTAVE
#Conclusion
#Further Reading
=[[Handling E-Commerce Payments]]=
#Objectives
#Compliance and Laws
#PCI Compliance
#Handling Credit Cards
#Further Reading
=[[Phishing]]=
#What is phishing?
#User Education
#Make it easy for your users to report scams
#Communicating with customers via e-mail
#Never ask your customers for their secrets
#Fix all your XSS issues
#Do not use pop-ups
#Don’t be framed
#Move your application one link away from your front page
#Enforce local referrers for images and other resources
#Keep the address bar, use SSL, do not use IP addresses
#Don’t be the source of identity theft
#Implement safe-guards within your application
#Monitor unusual account activity
#Get the phishing target servers offline pronto
#Take control of the fraudulent domain name
#Work with law enforcement
#When an attack happens
#Further Reading
=[[Web Services]]=
#Securing Web Services
#Communication security
#Passing credentials
#Ensuring message freshness
#Protecting message integrity
#Protecting message confidentiality
#Access control
#Audit
#Web Services Security Hierarchy
#SOAP
#WS-Security Standard
#WS-Security Building Blocks
#Communication Protection Mechanisms
#Access Control Mechanisms
#Forming Web Service Chains
#Available Implementations
#Problems
#Further Reading
=[[Ajax and Other "Rich" Interface Technologies]]=
#Objective
#Platforms Affected
#Architecture
#Access control: Authentication and Authorization
#Silent transactional authorization
#Untrusted or absent session data
#State management
#Tamper resistance
#Privacy
#Proxy Façade
#SOAP Injection Attacks
#XMLRPC Injection Attacks
#DOM Injection Attacks
#XML Injection Attacks
#JSON (Javascript Object Notation) Injection Attacks
#Encoding safety
#Auditing
#Error Handling
#Accessibility
#Further Reading
=[[Autenticación]]=
#Objetivo
#Entornos afectados
#Relevant COBIT Topics
#Best Practices
#Técnicas comunes de autenticación web
#Autenticación fuerte
#Federated Authentication
#Controles de autenticación del lado del cliente
#Autenticación positiva
#Búsquedas en claves múltiples
#Verificaciión del Referer
#Guardando la clave en el navegador
#Cuentas por defecto
#Elección de nombres de usuario
#Cambiar las claves
#Claves cortas
#Controles de claves débiles
#Encriptación reversible de claves
#Automated password resets
#Fuerza Bruta
#Recordarme
#Idle Timeouts
#Logout
#Expiración de cuentas
#Autoregistro
#CAPTCHA
#Further Reading
#Authentication

=[[Guide to Authorization]]=
#Objectives
#Environments Affected
#Relevant COBIT Topics
#Best Practices
#Best Practices in Action
#Principle of least privilege
#Centralized authorization routines
#Authorization matrix
#Controlling access to protected resources
#Protecting access to static resources
#Reauthorization for high value activities or after idle out
#Time based authorization
#Be cautious of custom authorization controls
#Never implement client-side authorization tokens
#Further Reading

=[[Session Management]]=
#Objective
#Environments Affected
#Relevant COBIT Topics
#Description
#Best practices
#Exposed Session Variables
#Page and Form Tokens
#Weak Session Cryptographic Algorithms
#Session Token Entropy
#Session Time-out
#Regeneration of Session Tokens
#Session Forging/Brute-Forcing Detection and/or Lockout
#Session Token Capture and Session Hijacking
#Session Tokens on Logout
#Session Validation Attacks
#PHP
#Sessions
#Further Reading
#Session Management
=[[Data Validation]]=
#Objective
#Platforms Affected
#Relevant COBIT Topics
#Description
#Definitions
#Where to include integrity checks
#Where to include validation
#Where to include business rule validation
#Data Validation Strategies
#Prevent parameter tampering
#Hidden fields
#ASP.NET Viewstate
#URL encoding
#HTML encoding
#Encoded strings
#Data Validation and Interpreter Injection
#Delimiter and special characters
#Further Reading
=[[Interpreter Injection]]=
#Objective
#Platforms Affected
#Relevant COBIT Topics
#User Agent Injection
#HTTP Response Splitting
#SQL Injection
#ORM Injection
#LDAP Injection
#XML Injection
#Code Injection
#Further Reading
#SQL-injection
#Code Injection
#Command injection
=[[Canoncalization, locale and Unicode]]=
#Objective
#Platforms Affected
#Relevant COBIT Topics
#Description
#Unicode
#http://www.ietf.org/rfc/rfc#
#Input Formats
#Locale assertion
#Double (or n-) encoding
# HTTP Request Smuggling
# Further Reading
=[[Error Handling, Auditing and Logging]]=
#Objective
#Environments Affected
#Relevant COBIT Topics
#Description
#Best practices
#Error Handling
#Detailed error messages
#Logging
#Noise
#Cover Tracks
#False Alarms
#Destruction
#Audit Trails
#Further Reading
#Error Handling and Logging
=[[File System]]=
#Objective
#Environments Affected
#Relevant COBIT Topics
#Description
#Best Practices
#Defacement
#Path traversal
#Insecure permissions
#Insecure Indexing
#Unmapped files
#Temporary files
#PHP
#Includes and Remote files
#File upload
#Old, unreferenced files
#Second Order Injection
#Further Reading
#File System
=[[Distributed Computing]]=
#Objective
#Environments Affected
#Relevant COBIT Topics
#Best Practices
#Race conditions
#Distributed synchronization
#Further Reading
=[[Buffer Overflows]]=
#Objective
#Platforms Affected
#Relevant COBIT Topics
#Description
#General Prevention Techniques
#Stack Overflow
#Heap Overflow
#Format String
#Unicode Overflow
#Integer Overflow
#Further reading
=[[Administrative Interface]]=
#Objective
#Environments Affected
#Relevant COBIT Topics
#Best practices
#Administrators are not users
#Authentication for high value systems
#Further Reading
=[[Guide to Cryptography]]=
#Objective
#Platforms Affected
#Relevant COBIT Topics
#Description
#Cryptographic Functions
#Cryptographic Algorithms
#Algorithm Selection
#Key Storage
#Insecure transmission of secrets
#Reversible Authentication Tokens
#Safe UUID generation
#Summary
#Further Reading
#Cryptography

=[[Configuration]]=
#Objective
#Platforms Affected
#Relevant COBIT Topics
#Best Practices
#Default passwords
#Secure connection strings
#Secure network transmission
#Encrypted data
#PHP Configuration
#Global variables
#register_globals
#Database security
#Further Reading
#ColdFusion Components (CFCs)
#Configuration
=[[Software Quality Assurance]]=
#Objective
#Platforms Affected
#Best practices
#Process
#Metrics
#Testing Activities
=[[Deployment]]=
#Objective
#Platforms Affected
#Best Practices
#Release Management
#Secure delivery of code
#Code signing
#Permissions are set to least privilege
#Automated packaging
#Automated deployment
#Automated removal
#No backup or old files
#Unnecessary features are off by default
#Setup log files are clean
#No default accounts
#Easter eggs
#Malicious software
#Further Reading
=[[Maintenance]]=
#Objective
#Platforms Affected
#Relevant COBIT Topics
#Best Practices
#Security Incident Response
#Fix Security Issues Correctly
#Update Notifications
#Regularly check permissions
#Further Reading
#Maintenance
=[[GNU Free Documentation License]]=
#PREAMBLE
#APPLICABILITY AND DEFINITIONS
#VERBATIM COPYING
#COPYING IN QUANTITY
#MODIFICATIONS
#COMBINING DOCUMENTS
#COLLECTIONS OF DOCUMENTS
#AGGREGATION WITH INDEPENDENT WORKS
#TRANSLATION
#TERMINATION
#FUTURE REVISIONS OF THIS LICENSE
=Reference=
[[Category:OWASP_Guide_Project]]

OWASP - User contributions [en]

User:Benfellows

User:Benfellows

Template:User new message

Template:User new message

User talk:Benfellows

User:Benfellows

User:Benfellows

Guia Tabla de Contenido