This is a compilation of some interesting articles and documents that explain some potential security flaws and, in some cases, the way to prevent or avoid them (hopefully). This list is by far not complete and is intended for developers, not end users. In some cases it contains hard-to-understand articles that require previous knowledge, such as network protocols and standards, cryptography, math and number theory, that is not available in this compilation. Although it only serves as an introduction and is not intended to be a full reference, feel free to submit candidate links containing useful information you might be aware of to halplus at for inclusion. They will be of use not only to other developers but to anyone interested in building safe systems. The most up-to-date list can be obtained at


  1. Side-Channel Attacks on Symmetric Encryption Schemes
  2. Integrity protection and error propagation (Wikipedia)
  3. Cryptanalysis of MD5 and SHA: Time for a New Standard
  4. Padding in RSA and Small exponents
  5. RSA-encrypted messages using the PKCS #1 v1
  6. RSA Branch Prediction Analysis
  7. Handbook of Applied Cryptography (see chapter 8, Public-Key Encryption, available for free)
  8. RSA Timing Attacks Whitepaper
  9. Blowfish known attack on reduced rounds version

Database security (requires expansion)

  1. Secure MySQL Database Design

Potential Web applications security issues

Java security

  1. Twelve rules for developing more secure Java code - Part 1
  2. Twelve rules for developing more secure Java code - Part 2
  3. Twelve rules for developing more secure Java code - Part 3
  4. Document about Java Virtual Machines security by Last Stage of Delirium Research Group (locally mirrored)
  5. Applet Security FAQ
  6. SecureRandom
  7. Securing Apache Tomcat

.NET security

Others (but important)

Electronic emanations

  1. Countermeasures against electromagnetic emanations
  2. Unofficial TEMPEST Information Page
  3. Wikipedia Entry on TEMPEST Logo
