Difference between revisions of "OWASP Testing Guide Appendix B: Suggested Reading"

Line 69: Line 69:
 
==Useful Websites==
 
==Useful Websites==
  
* OWASP —  http://www.owasp.org
+
* Build Security In - https://buildsecurityin.us-cert.gov/bsi/home.html
  
* SANS - http://www.sans.org
+
* Build Security In – Security-Specific Bibliography -
 +
https://buildsecurityin.us-cert.gov/bsi/articles/best-practices/measurement/1070-BSI.html
  
* Secure Coding http://www.securecoding.org
+
* CERT Secure Coding - http://www.cert.org/secure-coding/
  
* Secure Coding Guidelines for the .NET Framework''''' ''''' - http://msdn.microsoft.com/security/securecode/bestpractices/default.aspx?pull=/library/en-us/dnnetsec/html/seccodeguide.asp
+
* CERT Secure Coding Standards- https://www.securecoding.cert.org/confluence/display/seccode/CERT+Secure+Coding+Standards
  
* Security in the Java platform  —  http://java.sun.com/security
+
* Exploit and Vulnerability Databases - https://buildsecurityin.us-cert.gov/swa/database.html
  
* OASIS WAS XML — http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=was
+
* Google Code University – Web Security - http://code.google.com/edu/security/index.html
  
* Build Security In - https://buildsecurityin.us-cert.gov/bsi/home.html
+
* McAfee Foundstone Publications - http://www.mcafee.com/apps/view-all/publications.aspx?tf=foundstone&sz=10
 +
 
 +
* McAfee – Resources Library - http://www.mcafee.com/apps/resource-library-search.aspx?region=us
 +
 
 +
* McAfee Free Tools - http://www.mcafee.com/us/downloads/free-tools/index.aspx
 +
 
 +
* OASIS Web Application Security (WAS) TC — http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=was
 +
 
 +
* Open Source Software Testing Tools - http://www.opensourcetesting.org/security.php
 +
 
 +
* OWASP Phoenix/Tool - https://www.owasp.org/index.php/Phoenix/Tools
 +
 
 +
* The Open Web Application Application Security Project (OWASP) — http://www.owasp.org
 +
 
 +
* Pentestmonkey - Pen Testing Cheat Sheets - http://pentestmonkey.net/cheat-sheet
 +
 
 +
* Secure Coding Guidelines for the .NET Framework 4.5 - http://msdn.microsoft.com/en-us/library/8a3x2b7f.aspx
 +
 
 +
* Security in the Java platform - http://docs.oracle.com/javase/6/docs/technotes/guides/security/overview/jsoverview.html
 +
 
 +
* System Administration, Networking, and Security Institute (SANS) - http://www.sans.org
 +
 
 +
* Technical INFO – Making Sense of Security - http://www.technicalinfo.net/index.html
 +
 
 +
* Web Application Security Consortium - http://www.webappsec.org/projects/
 +
 
 +
* Web Application Security Scanner List - http://projects.webappsec.org/w/page/13246988/Web%20Application%20Security%20Scanner%20List
 +
 
 +
* Web Security – Articles - http://www.acunetix.com/websitesecurity/articles/
  
 
==Videos==
 
==Videos==
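Review bot: The added OWASP entry under Useful Websites reads "The Open Web Application Application Security Project (OWASP)", with "Application" doubled; it should read "The Open Web Application Security Project (OWASP)". In the same list, the "Build Security In – Security-Specific Bibliography -" bullet has its URL on a separate line, so the link falls outside the list item; put the URL on the same line as the bullet text. The label "OWASP Phoenix/Tool" also does not match its target, which ends in Phoenix/Tools.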

Revision as of 11:03, 21 November 2012

This article is part of the new OWASP Testing Guide v4. 
At the moment the project is in the REVIEW phase.

Back to the OWASP Testing Guide v4 ToC: https://www.owasp.org/index.php/OWASP_Testing_Guide_v4_Table_of_Contents

Back to the OWASP Testing Guide Project: http://www.owasp.org/index.php/OWASP_Testing_Project


Whitepapers

Books

  • James S. Tiller: "The Ethical Hack: A Framework for Business Value Penetration Testing", Auerbach, ISBN: 084931609X
  • Susan Young, Dave Aitel: "The Hacker's Handbook: The Strategy behind Breaking into and Defending Networks", Auerbach, ISBN: 0849308887
  • Web Applications (Hacking Exposed) by Joel Scambray and Mike Shema, published by McGraw-Hill Osborne Media, ISBN 007222438X
  • Software Testing In The Real World (ACM Press Books) by Edward Kit, published by Addison-Wesley Professional, ISBN 0201877562 (1995)
  • Beizer, Boris, Software Testing Techniques, 2nd Edition, © 1990 International Thomson Computer Press, ISBN 0442206720

Useful Websites

  • Build Security In – Security-Specific Bibliography - https://buildsecurityin.us-cert.gov/bsi/articles/best-practices/measurement/1070-BSI.html

Videos

Deliberately Insecure Web Applications

  • Hacme Series from McAfee: