One of our favourite websites on application security, Technical Info hosts a large collection of papers by Gunter Ollmann. Here's an introduction to the website.
Here's one of our favorite sites on web application security: TECHNICAL INFO. The website of Gunter Ollmann, it houses a collection of his papers, observations and opinions. Gunter is the Professional Services Director at Next Generation Security Software and previously worked at ISS X-Force. His writings on contemporary issues in application security are consistently thought provoking and fun.
Gunter's Phishing Guide is quite likely the most detailed technical analysis of the methods used by phishers and the techniques to defend against them. His paper on Web Based Session Management has been a favorite at Paladion for training our application security engineers - if you read only one paper on this site (and we would urge you to read all of them, really!), it is Gunter's description of the best practices for secure session management.
The Opinion section of the site consists of short, insightful pieces on topical issues. For instance, in Custom Flaws for Custom Applications, Gunter points out that internal developers have a better understanding of internal systems and are thus able to write applications that integrate better with them. This, however, provides more avenues for attack, especially when the developers do not consider security an integral part of the application.
The site would have gained by stating the dates on which the papers and opinions were published. As responses to threats mature, it helps to put the writings in the context of the time they were first written.
All in all, this is a site you will enjoy following if you are interested in Application Security.