Difference between revisions of "OWASP Testing Guide Appendix B: Suggested Reading"

From OWASP
Line 3: Line 3:
 
==Whitepapers==
 
==Whitepapers==
  
* ''[[:Category:OWASP_Guide_Project|The OWASP Guide to Building Secure Web Applications]]''
+
* The Economic Impacts of Inadequate Infrastructure for Software Testing - http://www.nist.gov/director/planning/upload/report02-3.pdf
  
* ''The Economic Impacts of Inadequate Infrastructure for Software Testing'' - http://www.nist.gov/director/prog-ofc/report02-3.pdf
+
* Improving Web Application Security: Threats and Countermeasures-
 +
http://msdn.microsoft.com/en-us/library/ff649874.aspx
  
* ''Threats and Countermeasures: Improving Web Application Security'' - http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/threatcounter.asp
+
* NIST Publications - http://csrc.nist.gov/publications/PubsSPs.html
  
* ''Use Cases: Just the FAQs and Answers'' - http://www-106.ibm.com/developerworks/rational/library/content/RationalEdge/jan03/UseCaseFAQS_TheRationalEdge_Jan2003.pdf
+
* The Open Web Application Security Project (OWASP) Guide Project -  
 +
https://www.owasp.org/index.php/Category:OWASP_Guide_Project
  
 +
* Security Considerations in the System Development Life Cycle (NIST) -
 +
http://www.nist.gov/customcf/get_pdf.cfm?pub_id=890097
  
[[Category:FIXME|broken link
+
* The Security of Applications: Not All Are Created Equal -
 +
http://www.securitymanagement.com/archive/library/atstake_tech0502.pdf
  
* ''Security in the SDLC (NIST)'' - http://csrc.nist.gov/publications/nistpubs/800-64/NIST-SP800-64.pdf
+
* Software Assurance: An Overview of Current Practices - http://www.safecode.org/publications/SAFECode_BestPractices0208.pdf
* ''Web Application Security is Not an Oxy-Moron, by Mark Curphey'' - http://www.sbq.com/sbq/app_security/index.html
+
* ''The Security of Applications: Not All Are Created Equal'' - http://www.atstake.com/research/reports/acrobat/atstake_app_unequal.pdf
+
* ''The Security of Applications Reloaded'' - http://www.atstake.com/research/reports/acrobat/atstake_app_reloaded.pdf
+
  
 +
* Software Security Testing: Software Assurance Pocket guide Series: Development, Volume III - https://buildsecurityin.us-cert.gov/swa/downloads/SoftwareSecurityTesting_PocketGuide_1%200_05182012_PostOnline.pdf
  
 +
* Use Cases: Just the FAQs and Answers –
 +
http://www.ibm.com/developerworks/rational/library/content/RationalEdge/jan03/UseCaseFAQS_TheRationalEdge_Jan2003.pdf
  
  
 +
 +
[[Category:FIXME|broken link
 +
 +
* ''Web Application Security is Not an Oxy-Moron, by Mark Curphey'' - http://www.sbq.com/sbq/app_security/index.html
 +
* ''The Security of Applications Reloaded'' - http://www.atstake.com/research/reports/acrobat/atstake_app_reloaded.pdf
  
 
]]
 
]]
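Review bot: the `[[Category:FIXME|broken link` marker inserted ahead of the "Web Application Security is Not an Oxy-Moron" and "The Security of Applications Reloaded" entries is only closed by the trailing `]]` at the end of the section, so MediaWiki will treat the two bullets in between as part of the category sort key and they will not render as list items; close the tag on its own line (`[[Category:FIXME|broken link]]`) and keep the entries as ordinary bullets, or remove the entries outright if the links are dead. As a style point, the newly added entries (NIST Economic Impacts, Threats and Countermeasures, NIST Publications, SAFECode, Software Security Testing Pocket Guide) drop the `''…''` italic title convention that the existing entries use, leaving the list inconsistent.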

Revision as of 11:06, 21 November 2012

This article is part of the new OWASP Testing Guide v4. 
At the moment the project is in the REVIEW phase.

Back to the OWASP Testing Guide v4 ToC: https://www.owasp.org/index.php/OWASP_Testing_Guide_v4_Table_of_Contents
Back to the OWASP Testing Guide Project: http://www.owasp.org/index.php/OWASP_Testing_Project

Whitepapers

  • Improving Web Application Security: Threats and Countermeasures - http://msdn.microsoft.com/en-us/library/ff649874.aspx
  • The Open Web Application Security Project (OWASP) Guide Project - https://www.owasp.org/index.php/Category:OWASP_Guide_Project
  • Security Considerations in the System Development Life Cycle (NIST) - http://www.nist.gov/customcf/get_pdf.cfm?pub_id=890097
  • The Security of Applications: Not All Are Created Equal - http://www.securitymanagement.com/archive/library/atstake_tech0502.pdf
  • Use Cases: Just the FAQs and Answers - http://www.ibm.com/developerworks/rational/library/content/RationalEdge/jan03/UseCaseFAQS_TheRationalEdge_Jan2003.pdf

Books

  • James S. Tiller: "The Ethical Hack: A Framework for Business Value Penetration Testing", Auerbach, ISBN 084931609X
  • Susan Young, Dave Aitel: "The Hacker's Handbook: The Strategy behind Breaking into and Defending Networks", Auerbach, ISBN 0849308887
  • Joel Scambray, Mike Shema: "Web Applications (Hacking Exposed)", McGraw-Hill Osborne Media, ISBN 007222438X
  • Edward Kit: "Software Testing In The Real World (ACM Press Books)", Addison-Wesley Professional, ISBN 0201877562 (1995)
  • Boris Beizer: "Software Testing Techniques", 2nd Edition, © 1990 International Thomson Computer Press, ISBN 0442206720

Useful Websites

Videos

Deliberately Insecure Web Applications

  • Hacme Series from McAfee: