Security

Links

• Protecting passwords from password guessing techniques
• The Usability of Passwords
  • The Usability of Passwords - FAQ
• Philip Tellis's blog security section
• Bruce Schneier's password advice
• Ruby on Rails security guide
• How I'd hack your weak passwod
• Web security exploits list on Wikipedia
• http://plaintextoffenders.com/
• How to manage a PHP application's users and passwords
• Open Web App Security Project (OWASP)
• Forbes article about Gawker breach
• let's talk about password storage (Mozilla's best practices)

Common attacks

... TODO: need more intro to ...

• OWASP Attack catalog
• XSS
• CSRF
• Session hijacking
• Session fixation
• ...

Security Testing Tools

... TODO: Post a list of tools that can be used for testing the app against common attacks

• Skipfish
• Burp
• ...

Libraries

• OpenID libraries
• OAuth libraries
• ...

PHP

• PHPass - password encryption library
• ...