[WEB SECURITY] suggested reading on new HTTP security-related headers
travis+ml-webappsec at subspacefield.org
travis+ml-webappsec at subspacefield.org
Mon Oct 25 10:17:19 EDT 2010
Hey all,
Apart from this and its references:
http://w2spconf.com/2010/papers/p11.pdf
...can anyone recommend good references on the new security-related
HTTP headers?
PS: I'm trying to put together a free computer security book:
http://www.subspacefield.org/security/security_concepts.html
While the web security section may not impress you, I think I have one
of the most readable descriptions of the PKCS #5 Padding Oracle
attack:
http://www.subspacefield.org/security/security_concepts/index.html#tth_sEc30.5
(I may have it saying PKCS#7 there; that's a typo)
--
Good code works on most inputs; correct code works on all inputs.
My emails do not have attachments; it's a digital signature that your mail
program doesn't understand. | http://www.subspacefield.org/~travis/
If you are a spammer, please email john at subspacefield.org to get blacklisted.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/attachments/20101025/274b8322/attachment.bin>
More information about the websecurity
mailing list