
Security testing tools

Web Security Testing Cookbook

security testing | security testing tools
An O’Reilly book on web security testing is about to be released. I was a previewer for the book and have been reading chunks of the book these past months. The book is highly readable and packed with ideas. I learned a lot previewing the copy and chatting and emailing with Paco Hope and Ben Walther. See O’Reilly. Cheers to Ben and Paco.

Here’s a look at the table of contents -

Passwords: salted, mixed, plain, and cracked

The password field is one data entry field I often fly past on my way to testing an application. But maybe I should slow down and spend more time on this essential field. After all, if I can access an application as another user I may have found the most important defect in the application.

Password handling has to be strong enough to provide real security, not just to accept input.

Salted passwords are passwords where random characters (the salt) are added to the user’s password before it is hashed and stored, to improve security. From a user’s perspective there is no difference in creating or using the password field. The beauty and value of the salted password is the added protection provided to the user and the system. This blog entry provides the best explanation I've seen of salting.

Dear, Oh Dear, Oh Dear ...

Oh, the shame of it all! Having promised to keep this up-to-date and not to slip into the "dead-blog" category, I have done just that!

I'm sorry! There are not enough hours in any given day to keep up with work, family and sleep. And I like sleeping ...

Fortunately I was running through my Inbox this morning and came across something from Testing Reflections, and two braincells collided and the guilt came on in waves ... So here I am again ...