resources

WebSec 101

The WebSec101 series introduces the basics of web and application security in easy-to-digest 20-30 minute webcasts. It aims to give a brief introduction to each of the major topics in testing, developing and securing web applications, and points interested viewers to more detailed material.

Come visit this site every two weeks for a new lesson.

Each webcast is available as a standard-definition audio-video presentation, a "low-def" version for portable devices or for situations where bandwidth and download speeds may be an issue, and an audio-only "podcast" version. The slides used are provided as well.

WebSec101 is released under a Creative Commons Licence.

Released 09/14/2009

WebSec101: Cross-Site Request Forgery

Cross-Site Request Forgery (CSRF)

Released 08/31/2009

WebSec101: SQL Injection

SQL Injection

Released 08/17/2009

WebSec101: Cross-Site Scripting

Cross-Site Scripting (XSS)

Released 08/03/2009

WebSec101: Session Management

Session Management

Released 07/20/2009

WebSec101: Authorization

Authorization

Released 07/06/2009

WebSec101: Authentication

Authentication

Released 06/19/2009

WebSec101: Configuration

Configuration

Released 06/19/2009

WebSec101: Introduction

Introduction

RFP Template

Foundstone has developed this Request for Proposal ("RFP") template to help organizations identify and select a quality security vendor to perform professional services work.
