Web Application Security Blog Series

Sheeri

As a consultant working with MySQL, I learned a lot about MySQL. I got deep into MySQL. But I did not often get a broad sense of the entire application ecosystem. Now that I work in-house, I can focus on the breadth. And especially working at Mozilla, I am in contact with many many developers working on many different applications. One Mozilla developer whom I respect greatly is James Socol, and his blog series on web application security is an excellent example of why he has earned my respect.

For those who want an overview, the articles (which are not all yet written) range many topics:

Basics: locking your car doors.
Password Storage
XSS: Cross-Site Scripting
CSRF: Cross-Site Request Forgeries
Injections, SQL and Otherwise
Access Control
Session Fixation and Hijacking
Server Configuration
Click-jacking and a little Phishing
Stay Up to Date
Advanced: Some gotchas from my experience and some things you may well see.
Mass Assignment
Cache Poisoning
Bots: Spam, Brute-force, and User Experience
PCI-DSS
CEF Logging
What browsers are doing to help.
Content Security Policy
X-Frame-Options
Do Not Track
Sandboxing

I think everyone involved in a web application should understand this series!