I would like a comprehensive list of web sites/web resources where
software developers visit to learn and/or discuss about securing their
applications or building greater security into their software.

---

Request for Question Clarification by kyrie26-ga on 18 Sep 2002 08:22 PDT

Hello saxel-ga,

Would you like sites/resources focused on a particular development
platform or language, or would like that for as many as possible?


Thanks,

kyrie26-ga

---

Clarification of Question by saxel-ga on 18 Sep 2002 09:26 PDT

Any B2B software development is fine with us.  Language not an issue.

Hi saxel-ga,

Thank you for your question. Since the topic of application security
is so wide, I have structured my answer by categorizing these sites
and resources. The categories are : General,
Platform/Language-Specific, and Server/Networking security.

The General category usually covers best practices in the industry
from the application security standpoint, or resources, tutorials and
discussion sites covering application security.

I included a category for Platform/Language-Specific because from my
experience as an application developer, the best places to go to
discuss application security is to go to a forum that focuses on that
particular platform or language. This is because sometimes you have to
get language-specific to implement security techniques. Some of these
forums may or may not be classified into topical groupings which
include the area of security.

The third group is more specific to servers and networking, which are
closely intertwined with B2B applications.

The list includes tutorials, forums, discussions and general websites.



Here are the results of my search :



==== GENERAL ====

+------------------------------------------+

Web Developer® All About Security
http://www.webdeveloper.com/security/

+------------------------------------------+

p2p.wrox_com - the programmer's resource centre
http://p2p.wrox.com/security/

+------------------------------------------+

SECURITY ADVISOR® Zone
http://securityadvisor.info/

+------------------------------------------+

Dot-Com Builder Web Services
http://dcb.sun.com/practices/websecurity/

+------------------------------------------+

Advisor Forum : E-Business-Security.Advisor
http://advisor.com/dEB001.nsf

+------------------------------------------+

Sun : Security Resources
http://wwws.sun.com/software/security/resources.html

+------------------------------------------+

IBM : developerWorks : Security
http://www-106.ibm.com/developerworks/security/?loc=dwmain

+------------------------------------------+

EarthWeb.com The IT Industry Portal
http://softwaredev.earthweb.com/security

+------------------------------------------+

15 Seconds : Home of ASP, VBScript, XML, SOAP, .NET, ASP.NET, IIS,
SQL, VB, COM, active server pages, database, ADSI, ISAPI information
http://www.15seconds.com/focus/Security.htm

+------------------------------------------+

Computer Security Resource Clearinghouse 
http://cs-www.ncsl.nist.gov

+------------------------------------------+

Software Development Online E-Development & Security
http://www.sdmagazine.com/security/

+------------------------------------------+

XWSS.org - Web Services Security Forum
http://www.xwss.org/index.jsp

+------------------------------------------+

Computerworld Security Knowledge Center
http://www.computerworld.com/securitytopics/security?from=left

+------------------------------------------+

Intranet Journal : The discussion forum for intranet and extranet
professionals
http://www.intranetjournal.com/ix/

+------------------------------------------+

BlackCode.com Forums :

Web Development
https://www.blackcode.com/forums/viewforum.php?f=10

Security
https://www.blackcode.com/forums/viewforum.php?f=6

+------------------------------------------+




==== LANGUAGE/PLATFORM -SPECIFIC ====

+------------------------------------------+

4GuysFromRolla.com - Learn More about Security!
http://www.4guysfromrolla.com/webtech/LearnMore/Security.asp

+------------------------------------------+

ASP.NET Security Tutorial
http://www.gotdotnet.com/team/student/wintellect/

+------------------------------------------+

ASP Security - ASP tutorial, script, programming, code
http://www.aspin.com/home/tutorial/security

+------------------------------------------+

ASP.NET Forums : Security
http://www.asp.net/Forums/ShowForum.aspx?tabindex=1&ForumID=25

+------------------------------------------+

ColdFusion Support Forums - Security
http://webforums.macromedia.com/coldfusion/categories.cfm?catid=12

+------------------------------------------+

DevShed Forums - PHP
http://forums.devshed.com/forumdisplay.php?forumid=5

+------------------------------------------+

PHPAdvisory_com - PHP Security Source
http://www.phpadvisory.com/

+------------------------------------------+

PHP Builder Community Forums - powered by vBulletin
http://www.phpbuilder.com/board/

+------------------------------------------+

PHP Forums - The PHPDN Unified Forums  View Forum - PHPAdvisory_com
http://www.devnetwork.net/forums/viewforum.php?f=16&sid=26e54f4963ddb6b85844aa132a230608

+------------------------------------------+

DevShed Forums - Perl
http://forums.devshed.com/forumdisplay.php?forumid=6

+------------------------------------------+

CGI Security Tutorial
http://www.thinkage.on.ca/~mlvanbie/cgibin/onepage.cgi/cgisec/cgisecdef?html

+------------------------------------------+

Perl Security Tutorial
http://www.perldoc.com/perl5.6/pod/perlsec.html

+------------------------------------------+

Perl Guru Forums Main Index
http://perlguru.com/

+------------------------------------------+

DevShed Forums - Python
http://forums.devshed.com/forumdisplay.php?forumid=11

+------------------------------------------+

DevShed Forums - C Languages (C, C++, Obj-C, C#)
http://forums.devshed.com/forumdisplay.php?forumid=42

+------------------------------------------+

C++ Knowledge Base : Development : Security
http://c.ittoolbox.com/nav/t.asp?t=467&p=467&h1=467

+------------------------------------------+

DevShed Forums - Java Servlets & JSP
http://forums.devshed.com/forumdisplay.php?forumid=9

+------------------------------------------+

Security in Java 2 SDK 1.2
http://java.sun.com/docs/books/tutorial/security1.2/

+------------------------------------------+

Java(TM) Security
http://java.sun.com/security/

+------------------------------------------+

Java Developer Connection - Forums
http://forum.java.sun.com/forum.jsp?forum=60

+------------------------------------------+

Java Guru Security Forum Home Page
http://www.jguru.com/forums/Security

+------------------------------------------+

Dot-Com Builder Discussion Forums : Forum Home > Security 
http://dcbforum.sun.com/forum.jsp?forum=19

+------------------------------------------+

XML Security page
http://www.nue.et-inf.uni-siegen.de/~geuer-pollmann/xml_security.html

+------------------------------------------+

DevShed Forums - XML
http://forums.devshed.com/forumdisplay.php?forumid=19

+------------------------------------------+

XML.org Focus Topics XML Security
http://www.xml.org/xml/resources_focus_security.shtml

+------------------------------------------+




==== SERVER/NETWORKING SECURITY ====

+------------------------------------------+

Security Developer Central
http://developer.netscape.com/tech/security/security.html

+------------------------------------------+

AntiOnline - Computer Security - Hacking & Hackers
http://www.antionline.com/index.php

+------------------------------------------+

DevX Discussion Groups
http://news.devx.com/
[click on Security link]

DevX : Items in security.infrastructure
http://news.devx.com/cgi-bin/dnewsweb.exe?cmd=xover&group=security.infrastructure

+------------------------------------------+

ExtremeTech : Networking & Security
http://www.extremetech.com/category2/0,3971,23810,00.asp

+------------------------------------------+






Google Search Terms :

developer OR developers OR development security forum OR resource OR
resources
://www.google.com/search?q=developer+OR+developers+OR+development+security+forum+OR+resource+OR+resources&hl=en&lr=&ie=UTF-8&start=10&sa=N

software OR application development security forum OR forums OR
discussion OR discussions
://www.google.com/search?sourceid=navclient&q=software+OR+application+development+security+forum+OR+forums+OR+discussion+OR+discussions

b2b "web application" development security forum OR forums OR
discussion OR discussions (unsuccessful)

b2b application development security forum OR forums OR discussion OR
discussions (unsuccessful)

asp security tutorial OR tutorials OR discussion OR discussions OR
forum OR forums
://www.google.com/search?q=asp+security+tutorial+OR+tutorials+OR+discussion+OR+discussions+OR+forum+OR+forums&hl=en&lr=&ie=UTF-8&start=10&sa=N

php security tutorial OR tutorials OR discussion OR discussions OR
forum OR forums
://www.google.com/search?sourceid=navclient&q=php+security+tutorial+OR+tutorials+OR+discussion+OR+discussions+OR+forum+OR+forums

java OR servlet OR servlets security tutorial OR tutorials OR
discussion OR discussions OR forum OR forums
://www.google.com/search?q=java+OR+servlet+OR+servlets+security+tutorial+OR+tutorials+OR+discussion+OR+discussions+OR+forum+OR+forums&hl=en&lr=&ie=UTF-8&start=10&sa=N

web development security forum or discussion
://www.google.com/search?q=web+development+security+forum+or+discussion&hl=en&lr=&ie=UTF-8&start=0&sa=N




I know that this is a rather open-ended question, so I hope that my
answer is what you are looking for. In the event that you need further
information, please do not hesitate to request a clarification. I wish
you all the best in your undertakings.


Sincerely,

kyrie26-ga

Extremely logical and insightful analysis.  Clearly exceeded my expectations.