Difference between revisions of "OWASP Testing Guide Appendix B: Suggested Reading"

From OWASP
Jump to: navigation, search
Line 3: Line 3:
 
==Whitepapers==
 
==Whitepapers==
  
* ''[[:Category:OWASP_Guide_Project|The OWASP Guide to Building Secure Web Applications]]''
+
* The Economic Impacts of Inadequate Infrastructure for Software Testing - http://www.nist.gov/director/planning/upload/report02-3.pdf
  
* ''The Economic Impacts of Inadequate Infrastructure for Software Testing'' - http://www.nist.gov/director/prog-ofc/report02-3.pdf
+
* Improving Web Application Security: Threats and Countermeasures-
 +
http://msdn.microsoft.com/en-us/library/ff649874.aspx
  
* ''Threats and Countermeasures: Improving Web Application Security'' - http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/threatcounter.asp
+
* NIST Publications - http://csrc.nist.gov/publications/PubsSPs.html
  
* ''Use Cases: Just the FAQs and Answers'' - http://www-106.ibm.com/developerworks/rational/library/content/RationalEdge/jan03/UseCaseFAQS_TheRationalEdge_Jan2003.pdf
+
* The Open Web Application Security Project (OWASP) Guide Project -  
 +
https://www.owasp.org/index.php/Category:OWASP_Guide_Project
  
 +
* Security Considerations in the System Development Life Cycle (NIST) -
 +
http://www.nist.gov/customcf/get_pdf.cfm?pub_id=890097
  
[[Category:FIXME|broken link
+
* The Security of Applications: Not All Are Created Equal -
 +
http://www.securitymanagement.com/archive/library/atstake_tech0502.pdf
  
* ''Security in the SDLC (NIST)'' - http://csrc.nist.gov/publications/nistpubs/800-64/NIST-SP800-64.pdf
+
* Software Assurance: An Overview of Current Practices - http://www.safecode.org/publications/SAFECode_BestPractices0208.pdf
* ''Web Application Security is Not an Oxy-Moron, by Mark Curphey'' - http://www.sbq.com/sbq/app_security/index.html
+
* ''The Security of Applications: Not All Are Created Equal'' - http://www.atstake.com/research/reports/acrobat/atstake_app_unequal.pdf
+
* ''The Security of Applications Reloaded'' - http://www.atstake.com/research/reports/acrobat/atstake_app_reloaded.pdf
+
  
 +
* Software Security Testing: Software Assurance Pocket guide Series: Development, Volume III - https://buildsecurityin.us-cert.gov/swa/downloads/SoftwareSecurityTesting_PocketGuide_1%200_05182012_PostOnline.pdf
  
 +
* Use Cases: Just the FAQs and Answers –
 +
http://www.ibm.com/developerworks/rational/library/content/RationalEdge/jan03/UseCaseFAQS_TheRationalEdge_Jan2003.pdf
  
  
 +
 +
[[Category:FIXME|broken link
 +
 +
* ''Web Application Security is Not an Oxy-Moron, by Mark Curphey'' - http://www.sbq.com/sbq/app_security/index.html
 +
* ''The Security of Applications Reloaded'' - http://www.atstake.com/research/reports/acrobat/atstake_app_reloaded.pdf
  
 
]]
 
]]

Revision as of 11:06, 21 November 2012

This article is part of the new OWASP Testing Guide v4.
Back to the OWASP Testing Guide v4 ToC: https://www.owasp.org/index.php/OWASP_Testing_Guide_v4_Table_of_Contents Back to the OWASP Testing Guide Project: https://www.owasp.org/index.php/OWASP_Testing_Project

Whitepapers

  • Improving Web Application Security: Threats and Countermeasures-

http://msdn.microsoft.com/en-us/library/ff649874.aspx

  • The Open Web Application Security Project (OWASP) Guide Project -

https://www.owasp.org/index.php/Category:OWASP_Guide_Project

  • Security Considerations in the System Development Life Cycle (NIST) -

http://www.nist.gov/customcf/get_pdf.cfm?pub_id=890097

  • The Security of Applications: Not All Are Created Equal -

http://www.securitymanagement.com/archive/library/atstake_tech0502.pdf

  • Use Cases: Just the FAQs and Answers –

http://www.ibm.com/developerworks/rational/library/content/RationalEdge/jan03/UseCaseFAQS_TheRationalEdge_Jan2003.pdf

Books

  • James S. Tiller: "The Ethical Hack: A Framework for Business Value Penetration Testing", Auerbach, ISBN: 084931609X
  • Susan Young, Dave Aitel: "The Hacker's Handbook: The Strategy behind Breaking into and Defending Networks", Auerbach, ISBN: 0849308887
  • Web Applications (Hacking Exposed) by Joel Scambray and Mike Shema, published by McGraw-Hill Osborne Media, ISBN 007222438X
  • Software Testing In The Real World (Acm Press Books) by Edward Kit, published by Addison-Wesley Professional, ISBN 0201877562 (1995)
  • Beizer, Boris, Software Testing Techniques, 2nd Edition, © 1990 International Thomson Computer Press, ISBN 0442206720

Useful Websites

Videos

Deliberately Insecure Web Applications

  • Hacme Series from McAfee: