OWASP Testing Guide Appendix B: Suggested Reading


Whitepapers

 * The OWASP Guide to Building Secure Web Applications


 * The Economic Impacts of Inadequate Infrastructure for Software Testing - http://www.nist.gov/director/prog-ofc/report02-3.pdf


 * Threats and Countermeasures: Improving Web Application Security - http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/threatcounter.asp


 * Use Cases: Just the FAQs and Answers - http://www-106.ibm.com/developerworks/rational/library/content/RationalEdge/jan03/UseCaseFAQS_TheRationalEdge_Jan2003.pdf

[[Category:FIXME|broken link


 * Security in the SDLC (NIST) - http://csrc.nist.gov/publications/nistpubs/800-64/NIST-SP800-64.pdf
 * Web Application Security is Not an Oxy-Moron, by Mark Curphey - http://www.sbq.com/sbq/app_security/index.html
 * The Security of Applications: Not All Are Created Equal - http://www.atstake.com/research/reports/acrobat/atstake_app_unequal.pdf
 * The Security of Applications Reloaded - http://www.atstake.com/research/reports/acrobat/atstake_app_reloaded.pdf

]]

Books

 * James S. Tiller: "The Ethical Hack: A Framework for Business Value Penetration Testing", Auerbach, ISBN: 084931609X


 * Susan Young, Dave Aitel: "The Hacker's Handbook: The Strategy behind Breaking into and Defending Networks", Auerbach, ISBN: 0849308887


 * Secure Coding, by Mark Graff and Ken Van Wyk, published by O'Reilly, ISBN 0596002424 (2003) - http://www.securecoding.org


 * Building Secure Software: How to Avoid Security Problems the Right Way, by Gary McGraw and John Viega, published by Addison-Wesley Pub Co, ISBN 020172152X (2002) - http://www.buildingsecuresoftware.com


 * Writing Secure Code, by Mike Howard and David LeBlanc, published by Microsoft Press, ISBN 0735617228 (2003) - http://www.microsoft.com/mspress/books/5957.asp


 * Innocent Code: A Security Wake-Up Call for Web Programmers, by Sverre Huseby, published by John Wiley & Sons, ISBN 0470857447 (2004) - http://innocentcode.thathost.com


 * Exploiting Software: How to Break Code, by Gary McGraw and Greg Hoglund, published by Addison-Wesley Pub Co, ISBN 0201786958 (2004) - http://www.exploitingsoftware.com


 * Secure Programming for Linux and Unix HOWTO, David Wheeler (2004) - http://www.dwheeler.com/secure-programs


 * Mastering the Requirements Process, by Suzanne Robertson and James Robertson, published by Addison-Wesley Professional, ISBN 0201360462 - http://www.systemsguild.com/GuildSite/Robs/RMPBookPage.html


 * The Unified Modeling Language – A User Guide - http://www.awprofessional.com/catalog/product.asp?product_id=%7B9A2EC551-6B8D-4EBC-A67E-84B883C6119F%7D


 * Web Applications (Hacking Exposed) by Joel Scambray and Mike Shema, published by McGraw-Hill Osborne Media, ISBN 007222438X


 * Software Testing In The Real World (Acm Press Books) by Edward Kit, published by Addison-Wesley Professional, ISBN 0201877562 (1995)


 * Securing Java, by Gary McGraw, Edward W. Felten, published by Wiley, ISBN 047131952X (1999) - http://www.securingjava.com


 * Beizer, Boris, Software Testing Techniques, 2nd Edition, © 1990 International Thomson Computer Press, ISBN 0442206720


Useful Websites

 * OWASP - http://www.owasp.org


 * SANS - http://www.sans.org


 * Secure Coding - http://www.securecoding.org


 * Secure Coding Guidelines for the .NET Framework - http://msdn.microsoft.com/security/securecode/bestpractices/default.aspx?pull=/library/en-us/dnnetsec/html/seccodeguide.asp


 * Security in the Java platform - http://java.sun.com/security


 * OASIS WAS XML - http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=was