[WEB SECURITY] suggested reading on new HTTP security-related headers

travis+ml-webappsec at subspacefield.org
Mon Oct 25 10:17:19 EDT 2010


Hey all,

Apart from this and its references:

http://w2spconf.com/2010/papers/p11.pdf

...can anyone recommend good references on the new security-related
HTTP headers?

PS: I'm trying to put together a free computer security book:

http://www.subspacefield.org/security/security_concepts.html

While the web security section may not impress you, I think I have one
of the most readable descriptions of the PKCS #5 Padding Oracle
attack:

http://www.subspacefield.org/security/security_concepts/index.html#tth_sEc30.5

(I may have it saying PKCS#7 there; that's a typo)
-- 
Good code works on most inputs; correct code works on all inputs.
My emails do not have attachments; it's a digital signature that your mail
program doesn't understand. | http://www.subspacefield.org/~travis/ 
If you are a spammer, please email john at subspacefield.org to get blacklisted.