Programming Languages
In this section you'll find guides for secure programming in:
PHP Security
This section contains technical information and recommendations on security aspects of the PHP programming language.
| Topic | Version | Language | Date | Type | Format | Author |
|---|---|---|---|---|---|---|
| PHP-Secure-Programming | | | 02/12/07 | Whitepaper | doc | EUROSEC |
| Sichere Programmierung von PHP | | | 11/23/05 | Course Material | pdf, ppt | EUROSEC |
Java Security
This section contains technical information and recommendations on security aspects of the Java programming language.
| Topic | Version | Language | Date | Type | Format | Author |
|---|---|---|---|---|---|---|
| Java Security | | | 11/23/05 | Course Material | pdf, ppt | EUROSEC |
| Secure Java Programming | 0.9 | | 12/07/05 | Whitepaper | doc | EUROSEC |
| Java Best Practice Guide | 3.0 | | 10/10/06 | Best Practice Guide | pdf | SAP |
| E-learning Applikation SecologicTrain | 1.0 | | 12/19/06 | Software archive | zip | SAP |
SecologicTrain is an e-learning application, written in Java, that demonstrates typical vulnerabilities in the area of web security. With practical exercises you can study problems and solutions of secure programming. We designed a static prototype with the exercise 'Cookie Security'. The full version is programmed in Java/JSP and ready to download. The topics of the downloadable version are: XSS (Cross-Site Scripting), SQL Injection, XPath Injection, Cookie Security. Prerequisites are an installed MySQL database and an Apache Tomcat. An installation guide is included in the zip file.
C / C++ Security
This section contains technical information and recommendations on security aspects of the C and/or C++ programming languages.
| Topic | Version | Language | Date | Type | Format | Author |
|---|---|---|---|---|---|---|
| Sichere Programmierung von C | | | 11/23/05 | Course Material | pdf, ppt | EUROSEC |
| Secure C Programming | 1.0 | | 12/07/05 | Whitepaper | doc | EUROSEC |
| Tutorial C Insecurities | | | 12/09/05 | Presentation | pdf, pps | SVS-UHH |
| Secure Code Tools | | | 12/09/05 | Presentation | pdf, pps | SVS-UHH |
JavaScript Security
This section contains technical information and recommendations on security aspects of the JavaScript programming language. The paper focuses on filtering aspects to provide countermeasures against cross-site scripting attacks.
| Topic | Version | Language | Date | Type | Format | Author |
|---|---|---|---|---|---|---|
| Filtering JavaScript | 0.9 | | 12/07/05 | Whitepaper | doc | EUROSEC |
WebServices Security
This section contains, among other things, a Best Practice Guide for WebServices Security.
| Topic | Version | Language | Date | Type | Format | Author |
|---|---|---|---|---|---|---|
| Web Service Security | 1.0 | | February 2007 | Best Practice Guide | pdf | SAP |
| Security Tests for Web Services | 1.0 | | March 2007 | Best Practice Guide | pdf | SAP |
| Web Service-Security Policy, Kurz-Analyse und Vergleich zwischen den Versionen 1.0 und 1.2 | 1.1 | | September 2007 | White Paper and MindMap | zip | SAP |
Furthermore, an example implementation of a secure and reliable web service scenario can be found here. The code comprises a web application to initiate the credit card order and a set of web services to accept order and status requests. It is implemented in Java, in one case using the open source software NetBeans and GlassFish from Sun Microsystems and in the other case SAP NetWeaver.
| Topic | Version | Language | Date | Type | Format | Author |
|---|---|---|---|---|---|---|
| Secure Web Services; Example Implementation in GlassFish | 1.0 | | March 2007 | Java Example Implementation and Documentation | zip | SAP |
| Secure Web Services; Example Implementation for SAP Netweaver 2004 | 1.0 | | March 2007 | Java Example Implementation and Documentation | zip | SAP |