10.5. Security Guidance

You don't know what you don't know, so how do you know what you don't know? In recent years the IT industry has seen an increased awareness of IT security. The evidence is the abundance of resources on the subject. Security awareness resources take many forms, including books, articles, conferences, and communities.

Nothing beats curling up alongside a fire and reading the latest IT security book! Some managers and developers alike do not find IT security fun and exciting. They understand the importance of strong security in their application, but would rather be learning about something that is more exciting (such as new language features in the next version of C#). This mindset is very common, and because of this, security communities have emerged that not only help stress the importance of security, but help developers and managers learn how to solve the most common IT security issues.

10.5.1. Web Application Security Consortium

The Web Application Security Consortium (WASC) is an international group of experts, industry practitioners, and organizational representatives who work to produce open source tools and who agree on best-practice security standards for web applications.

The WASC is an open forum to discuss security issues, educate developers and managers about security issues, and act as a vendor-neutral voice of the web application security industry.

10.5.1.1. Notable Projects

There are many extremely useful projects that are maintained ...
