Difference between revisions of "OWASP Testing Guide Appendix B: Suggested Reading"

From OWASP
Jump to: navigation, search
Line 69: Line 69:
 
==Useful Websites==
 
==Useful Websites==
  
* OWASP —  http://www.owasp.org
+
* Build Security In - https://buildsecurityin.us-cert.gov/bsi/home.html
  
* SANS - http://www.sans.org
+
* Build Security In – Security-Specific Bibliography -
 +
https://buildsecurityin.us-cert.gov/bsi/articles/best-practices/measurement/1070-BSI.html
  
* Secure Coding http://www.securecoding.org
+
* CERT Secure Coding - http://www.cert.org/secure-coding/
  
* Secure Coding Guidelines for the .NET Framework''''' ''''' - http://msdn.microsoft.com/security/securecode/bestpractices/default.aspx?pull=/library/en-us/dnnetsec/html/seccodeguide.asp
+
* CERT Secure Coding Standards- https://www.securecoding.cert.org/confluence/display/seccode/CERT+Secure+Coding+Standards
  
* Security in the Java platform  —  http://java.sun.com/security
+
* Exploit and Vulnerability Databases - https://buildsecurityin.us-cert.gov/swa/database.html
  
* OASIS WAS XML — http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=was
+
* Google Code University – Web Security - http://code.google.com/edu/security/index.html
  
* Build Security In - https://buildsecurityin.us-cert.gov/bsi/home.html
+
* McAfee Foundstone Publications - http://www.mcafee.com/apps/view-all/publications.aspx?tf=foundstone&sz=10
 +
 
 +
* McAfee – Resources Library - http://www.mcafee.com/apps/resource-library-search.aspx?region=us
 +
 
 +
* McAfee Free Tools - http://www.mcafee.com/us/downloads/free-tools/index.aspx
 +
 
 +
* OASIS Web Application Security (WAS) TC — http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=was
 +
 
 +
* Open Source Software Testing Tools - http://www.opensourcetesting.org/security.php
 +
 
 +
* OWASP Phoenix/Tool - https://www.owasp.org/index.php/Phoenix/Tools
 +
 
 +
* The Open Web Application Application Security Project (OWASP) — http://www.owasp.org
 +
 
 +
* Pentestmonkey - Pen Testing Cheat Sheets - http://pentestmonkey.net/cheat-sheet
 +
 
 +
* Secure Coding Guidelines for the .NET Framework 4.5 - http://msdn.microsoft.com/en-us/library/8a3x2b7f.aspx
 +
 
 +
* Security in the Java platform - http://docs.oracle.com/javase/6/docs/technotes/guides/security/overview/jsoverview.html
 +
 
 +
* System Administration, Networking, and Security Institute (SANS) - http://www.sans.org
 +
 
 +
* Technical INFO – Making Sense of Security - http://www.technicalinfo.net/index.html
 +
 
 +
* Web Application Security Consortium - http://www.webappsec.org/projects/
 +
 
 +
* Web Application Security Scanner List - http://projects.webappsec.org/w/page/13246988/Web%20Application%20Security%20Scanner%20List
 +
 
 +
* Web Security – Articles - http://www.acunetix.com/websitesecurity/articles/
  
 
==Videos==
 
==Videos==

Revision as of 11:03, 21 November 2012

This article is part of the new OWASP Testing Guide v4.
Back to the OWASP Testing Guide v4 ToC: https://www.owasp.org/index.php/OWASP_Testing_Guide_v4_Table_of_Contents Back to the OWASP Testing Guide Project: https://www.owasp.org/index.php/OWASP_Testing_Project

Whitepapers

Books

  • James S. Tiller: "The Ethical Hack: A Framework for Business Value Penetration Testing", Auerbach, ISBN: 084931609X
  • Susan Young, Dave Aitel: "The Hacker's Handbook: The Strategy behind Breaking into and Defending Networks", Auerbach, ISBN: 0849308887
  • Web Applications (Hacking Exposed) by Joel Scambray and Mike Shema, published by McGraw-Hill Osborne Media, ISBN 007222438X
  • Software Testing In The Real World (Acm Press Books) by Edward Kit, published by Addison-Wesley Professional, ISBN 0201877562 (1995)
  • Beizer, Boris, Software Testing Techniques, 2nd Edition, © 1990 International Thomson Computer Press, ISBN 0442206720

Useful Websites

  • Build Security In – Security-Specific Bibliography -

https://buildsecurityin.us-cert.gov/bsi/articles/best-practices/measurement/1070-BSI.html

Videos

Deliberately Insecure Web Applications

  • Hacme Series from McAfee: