A Wiki to act as a community knowlege base for software security.
Threats – Attacks – Vulnerabilities – Countermeasures
Input and Data Validation – Authentication – Authorization – Auditing and Logging – Client Side Validation – Communications Security – Configuration Management – Cryptography – Exception Management – Sensitive Data – Session Management
Range – Type – Memory – Cryptography and Secrets – Authentication, Authorization and Trust – Input Validation – Logic Errors – Misuse of Language Features – Synchronization and Timing – Enviromental Problems
Attack Patterns – Vulnerability Patterns – Security Design Patterns – Security Implementation Patterns
Web Applications
