Difference between revisions of "OWASP Testing Guide Appendix B: Suggested Reading"

From OWASP
Jump to: navigation, search
Line 5: Line 5:
 
* The Economic Impacts of Inadequate Infrastructure for Software Testing - http://www.nist.gov/director/planning/upload/report02-3.pdf
 
* The Economic Impacts of Inadequate Infrastructure for Software Testing - http://www.nist.gov/director/planning/upload/report02-3.pdf
  
* Improving Web Application Security: Threats and Countermeasures-
+
* Improving Web Application Security: Threats and Countermeasures- http://msdn.microsoft.com/en-us/library/ff649874.aspx
http://msdn.microsoft.com/en-us/library/ff649874.aspx
+
  
 
* NIST Publications - http://csrc.nist.gov/publications/PubsSPs.html
 
* NIST Publications - http://csrc.nist.gov/publications/PubsSPs.html
  
* The Open Web Application Security Project (OWASP) Guide Project -  
+
* The Open Web Application Security Project (OWASP) Guide Project - https://www.owasp.org/index.php/Category:OWASP_Guide_Project
https://www.owasp.org/index.php/Category:OWASP_Guide_Project
+
  
* Security Considerations in the System Development Life Cycle (NIST) -  
+
* Security Considerations in the System Development Life Cycle (NIST) - http://www.nist.gov/customcf/get_pdf.cfm?pub_id=890097
http://www.nist.gov/customcf/get_pdf.cfm?pub_id=890097
+
  
* The Security of Applications: Not All Are Created Equal -  
+
* The Security of Applications: Not All Are Created Equal - http://www.securitymanagement.com/archive/library/atstake_tech0502.pdf
http://www.securitymanagement.com/archive/library/atstake_tech0502.pdf
+
  
 
* Software Assurance: An Overview of Current Practices - http://www.safecode.org/publications/SAFECode_BestPractices0208.pdf
 
* Software Assurance: An Overview of Current Practices - http://www.safecode.org/publications/SAFECode_BestPractices0208.pdf
Line 23: Line 19:
 
* Software Security Testing: Software Assurance Pocket guide Series: Development, Volume III - https://buildsecurityin.us-cert.gov/swa/downloads/SoftwareSecurityTesting_PocketGuide_1%200_05182012_PostOnline.pdf
 
* Software Security Testing: Software Assurance Pocket guide Series: Development, Volume III - https://buildsecurityin.us-cert.gov/swa/downloads/SoftwareSecurityTesting_PocketGuide_1%200_05182012_PostOnline.pdf
  
* Use Cases: Just the FAQs and Answers –  
+
* Use Cases: Just the FAQs and Answers – http://www.ibm.com/developerworks/rational/library/content/RationalEdge/jan03/UseCaseFAQS_TheRationalEdge_Jan2003.pdf
http://www.ibm.com/developerworks/rational/library/content/RationalEdge/jan03/UseCaseFAQS_TheRationalEdge_Jan2003.pdf
+
  
  

Revision as of 11:06, 21 November 2012

This article is part of the new OWASP Testing Guide v4. 
At the moment the project is in the REVIEW phase.

Back to the OWASP Testing Guide v4 ToC: https://www.owasp.org/index.php/OWASP_Testing_Guide_v4_Table_of_Contents Back to the OWASP Testing Guide Project: http://www.owasp.org/index.php/OWASP_Testing_Project

Contents


Whitepapers

Books

  • James S. Tiller: "The Ethical Hack: A Framework for Business Value Penetration Testing", Auerbach, ISBN: 084931609X
  • Susan Young, Dave Aitel: "The Hacker's Handbook: The Strategy behind Breaking into and Defending Networks", Auerbach, ISBN: 0849308887
  • Web Applications (Hacking Exposed) by Joel Scambray and Mike Shema, published by McGraw-Hill Osborne Media, ISBN 007222438X
  • Software Testing In The Real World (Acm Press Books) by Edward Kit, published by Addison-Wesley Professional, ISBN 0201877562 (1995)
  • Beizer, Boris, Software Testing Techniques, 2nd Edition, © 1990 International Thomson Computer Press, ISBN 0442206720

Useful Websites

Videos

Deliberately Insecure Web Applications

  • Hacme Series from McAfee: