Hello,

I'm sorry for the slightly off-topic question.

Right now we are deploying several web applications to the public. We are
concerned with security issues of web applications. So we prepared internal
guidelines, "basic rules for developing more secure web applications". It is
more a checklist than detailed guidelines. The topics covered are something
like: Do not use cookies. If you have to use cookies, do not use part of the
user auth. info as the cookie value... etc. The workshop "How to assess the
security of your web-based application", which was held by David Rhoades
(from META Security Group) at the SANS Conference, is a great source for
developing such guidelines.

Now we would like to conduct a security assessment of a web application. We
will use our internal guidelines as a base for the assessment, but I think it
is not enough - the assessment won't uncover holes which are not resolved in
the guidelines.

Do you know some resource[s] which cover security assessment of web-based
applications? Topics like what it should contain, what tools are used, etc.
The rules for developing secure web appl. will be useful too.

Thanks
Ondra Grich

> -----Original Message-----
> From: Fred Donck [SMTP:[EMAIL PROTECTED]]
> Sent: Friday, February 25, 2000 10:49 AM
> To: [EMAIL PROTECTED]
> Subject: SANE 2000 program details and registration - May 22-25, 2000
>
>
> At the SANE 2000 web site ( http://www.nluug.nl/sane/ ) you will find full
> program details, on-line registration, hotel information & reservation forms,
> travel information and much more, regarding the SANE 2000 conference.
>
>
>
> http://www.nluug.nl/sane/
>
> 2nd International SANE Conference
> May 22-25, 2000
> Maastricht, The Netherlands
>
> A conference organized by the NLUUG, the UNIX User Group - The Netherlands
> co-sponsored by USENIX, the Advanced Computing Systems Association, and
> Stichting NLnet
>
> ----------------
> Important dates:
> ----------------
> Early registration deadline: April 7, 2000
> Registration closing date  : May 14, 2000
>
> We are very pleased to present you the program for SANE 2000, an international
> conference on System Administration and Networking, focused on UNIX and IP
> networking. Going through the program, you will find renowned speakers for
> many interesting topics. SANE 2000 is the place where you will hear, discuss,
> then put to use the latest research, well-thought-out approaches, tools and
> techniques for practical system administration and security.
>
> Monday and Tuesday are your true opportunity for in-depth study! For two days,
> choose among three tracks of tutorials, covering topics like Perl/Tk, IPSEC,
> Sendmail, firewalls, DNS and general UNIX systems administration and led by
> experienced and respected instructors like Eric Allman, Jim Reid, Hugh Daniel,
> Walter Belgers, Hans van de Looy, Mark Overmeer, Jos Vos and Evi Nemeth.
>
> During the third and fourth day of SANE 2000 you will (after the keynote) be
> able to choose from two tracks of interesting presentations: the refereed
> papers track or the invited talks sessions. Hear about network management,
> security, modern file system techniques, IP internals, (b)leading edge
> developments, the use of open source software, and so on.
> You will find a remarkable line-up of speakers, including Brian Reid, Jeff
> Allen, Eric Allman, Barbara Dijker, Guido van Rooij, Mark Burgess, Joe Greco,
> Bastiaan Bakker and many, many more.
>
> On Tuesday and Wednesday you can also stroll along the exhibition area, where
> vendors will demonstrate their latest hardware and software products they hope
> will help you do your job more efficiently and effectively.
>
> Of course, there's also time to relax. Make sure you don't miss the social
> event (and conference dinner) on Wednesday evening. The conference ends on
> Thursday afternoon with the "The inSANE Quiz" where keywords like Hilarious!
> Fun! Educational! apply. Attend the quiz and be awed by the vast amounts of
> absolutely useless knowledge portrayed by the quiz candidates. Or, even
> better, register as a potential quiz candidate and test your cognitive powers
> against the world's masters of completely useless facts. Try to beat the
> reigning champion!
>
> SANE 2000 is hosted in the Maastricht Exposition and Conference Center, MECC,
> close to the medieval center of the city of Maastricht, in the south of the
> Netherlands, close to the borders with Belgium and Germany.
>
> Please join us. We hope to see you in Maastricht on May 22-25 at SANE 2000!
>
> Edwin H. Kremer, Program Co-Chair
> Dept. of Computer Science, Utrecht University
>
> Bob Eskes, Program Co-Chair
> Applied System's Research, Hollandse Signaalapparaten, Hengelo
>
> For The SANE 2000 Program Committee.
>
> P.S. register early for the tutorials: they tend to fill up fast!
>
> --
> Fred Donck || voice/fax: +31-70-311-2374 || e-mail: [EMAIL PROTECTED]
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]