Difference between revisions of "Top 10 2007-References"

(OWASP Projects)
 
(15 intermediate revisions by 3 users not shown)
Line 1: Line 1:
 
{{Top_10_2007:TopTemplate|usenext=Nothing|next=|useprev=PrevLink|prev=-Where to Go From Here|usemain=MainLink|main=}}
 
{{Top_10_2007:TopTemplate|usenext=Nothing|next=|useprev=PrevLink|prev=-Where to Go From Here|usemain=MainLink|main=}}
 
 
{{FIXUP|Neil Smithline|Replace With Final Text Here}}
 
 
 
 
  
 
== OWASP Projects ==
 
== OWASP Projects ==
 
+
[[category:FIXME|the "forums" and "blogs" links below aren't working, but I am cannot find the correct pages]]
OWASP is the premier site for web application security. The [http://www.owasp.org/ OWASP site] hosts many [http://www.owasp.org/index.php/Category:OWASP_Project projects], [http://forum.owasp.org/ forums], [http://blogs.owasp.org/ blogs], [http://www.owasp.org/index.php/Category:OWASP_Presentations presentations], [http://www.owasp.org/index.php/Category:OWASP_Project tools], and [http://www.owasp.org/index.php/Category:OWASP_Papers papers]. OWASP hosts two major [http://www.owasp.org/index.php/Category:OWASP_AppSec_Conference web application security conferences] per year, and has over 80 local [http://www.owasp.org/index.php/Category:OWASP_Chapter chapters].  
+
OWASP is the premier site for web application security. The [http://www.owasp.org/ OWASP site] hosts many [[::category:OWASP_Project|projects]], [http://forum.owasp.org/ forums], [http://blogs.owasp.org/ blogs], [[::Category:OWASP_Presentations|presentations]], [[::Category:OWASP_Project|tools]], and [[::Category:OWASP_Papers|papers]]. OWASP hosts two major [[::Category:OWASP_AppSec_Conference|web application security conferences]] per year, and has over 80 local [[::Category:OWASP_Chapter|chapters]].  
  
 
The following OWASP projects are most likely to be useful:
 
The following OWASP projects are most likely to be useful:
  
*[http://www.owasp.org/index.php/Category:OWASP_Guide_Project OWASP Guide to Building Secure Web Applications]
+
*[[::Category:OWASP_Guide_Project|OWASP Guide to Building Secure Web Applications]]
*[http://www.owasp.org/index.php/Category:OWASP_Testing_Project OWASP Testing Guide]
+
*[[::Category:OWASP_Testing_Project|OWASP Testing Guide]]
*[http://www.owasp.org/index.php/Category:OWASP_Code_Review_Project OWASP Code Review Project] (in development)
+
*[[::Category:OWASP Code Review Project|OWASP Code Review Guide]]
*[http://www.owasp.org/index.php/Category:OWASP_PHP_Project OWASP PHP Project] (in development)
+
*[[::Category:OWASP_PHP_Project|OWASP PHP Project]] (in development)
*[http://www.owasp.org/index.php/Category:OWASP_Java_Project OWASP Java Project]  
+
*[[::Category:OWASP_Java_Project|OWASP Java Project]]
*[http://www.owasp.org/index.php/Category:OWASP_.NET_Project OWASP .NET Project]
+
*[[::Category:OWASP_.NET_Project|OWASP .NET Project]]
  
 
== Books ==
 
== Books ==
  
 +
By necessity, this is not an exhaustive list. Use these references to find the appropriate area in your local bookstore and pick a few titles (including potentially one or more of the following) that suit your needs:
 +
 +
*[ALS1] Alshanetsky, I. “''php|architect's Guide to PHP Security''”, ISBN 0973862106
 +
*[BAI1] Baier, D., “''Developing more secure ASP.NET 2.0 Applications''”, ISBN 978-0-7356-2331-6
 
*[GAL1] Gallagher T., Landauer L., Jeffries B., "''Hunting Security Bugs''", Microsoft Press, ISBN 073562187X
 
*[GAL1] Gallagher T., Landauer L., Jeffries B., "''Hunting Security Bugs''", Microsoft Press, ISBN 073562187X
 +
*[GRO1] Fogie, Grossman, Hansen, Rager, “''Cross Site Scripting Attacks: XSS Exploits and Defense''”, ISBN 1597491543
 
*[HOW1] Howard M., Lipner S., "''The Security Development Lifecycle''", Microsoft Press, ISBN 0735622140
 
*[HOW1] Howard M., Lipner S., "''The Security Development Lifecycle''", Microsoft Press, ISBN 0735622140
*[HOW2] Howard M., Le Blanc D., "Writing Secure Code", 2nd ed., Microsoft Press, ISBN 0735617228
+
*[SCH1 Schneier B., “Practical Cryptography”, Wiley, ISBN 047122894X
*[SCH1] Schneier B., "''Practical Cryptography''", Wiley, ISBN 047122894X
+
*[SHI1] Shiflett, C., ''Essential PHP Security'', ISBN 059600656X
 
*[WYS1] Wysopal et al, ''The Art of Software Security Testing: Identifying Software Security Flaws'', ISBN 0321304861
 
*[WYS1] Wysopal et al, ''The Art of Software Security Testing: Identifying Software Security Flaws'', ISBN 0321304861
  
== Web Sites ==
+
== Web Sites ==
  
*OWASP, [http://www.owasp.org/ http://www.owasp.org]
+
*OWASP, [http://www.owasp.org/ http://www.owasp.org]  
 
*MITRE, Common Weakness Enumeration – Vulnerability Trends, [http://cwe.mitre.org/documents/vuln-trends.html http://cwe.mitre.org/documents/vuln-trends.html]
 
*MITRE, Common Weakness Enumeration – Vulnerability Trends, [http://cwe.mitre.org/documents/vuln-trends.html http://cwe.mitre.org/documents/vuln-trends.html]
 +
*Web Application Security Consortium, [http://www.webappsec.org/ http://www.webappsec.org/]
 
*SANS Top 20, [http://www.sans.org/top20/ http://www.sans.org/top20/]  
 
*SANS Top 20, [http://www.sans.org/top20/ http://www.sans.org/top20/]  
 
*PCI Security Standards Council, publishers of the PCI standards, relevant to all organizations processing or holding credit card data, [https://www.pcisecuritystandards.org/ https://www.pcisecuritystandards.org/]  
 
*PCI Security Standards Council, publishers of the PCI standards, relevant to all organizations processing or holding credit card data, [https://www.pcisecuritystandards.org/ https://www.pcisecuritystandards.org/]  
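Review bot: In the Books list, the [SCH1] line that follows the "+" marker loses the closing bracket of its citation key and the italic markup around the title ('[SCH1 Schneier B., “Practical Cryptography”'), while the line beside it has the well-formed '[SCH1] Schneier B., "''Practical Cryptography''"'. Keep the bracketed, italicised form so the key matches the other entries. The [HOW2] "Writing Secure Code" entry also has no counterpart in the book list of the latest revision, so restore it unless the removal is intended. Separately, the FIXME about the "forums" and "blogs" links is carried as the label of a category link; the dead links themselves are unchanged in the new paragraph and should be fixed or dropped.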
Line 37: Line 37:
 
*Build Security In, US CERT, [https://buildsecurityin.us-cert.gov/daisy/bsi/home.html https://buildsecurityin.us-cert.gov/daisy/bsi/home.html]  
 
*Build Security In, US CERT, [https://buildsecurityin.us-cert.gov/daisy/bsi/home.html https://buildsecurityin.us-cert.gov/daisy/bsi/home.html]  
  
 +
[[category:FIXME|link not working
  
 +
*PCI DSS v1.1, [https://www.pcisecuritystandards.org/pdfs/pci_dss_v1-1.pdf https://www.pcisecuritystandards.org/pdfs/pci_dss_v1-1.pdf]
 +
]]
  
 +
{{Top_10_2007:TopTemplate|usenext=Nothing|next=|useprev=PrevLink|prev=-Where to Go From Here|usemain=MainLink|main=}}
  
 
+
[[Category:OWASP Top Ten Project]]
 
+
 
+
 
+
{{Top_10_2007:TopTemplate|usenext=Nothing|next=|useprev=PrevLink|prev=-Where to Go From Here|usemain=MainLink|main=}}
+
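Review bot: The PCI DSS v1.1 bullet is enclosed in '[[category:FIXME|link not working' on the line above it and ']]' on the line below, so category markup is being used as a multi-line comment around a list item. Keep the bullet as its own list line and either replace the PDF URL with a working one or remove the entry; if a flag is still needed, put it on a single line next to the bullet so the reference list stays intact.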

Latest revision as of 21:48, 18 April 2010


OWASP Projects

OWASP is the premier site for web application security. The OWASP site hosts many projects, forums, blogs, presentations, tools, and papers. OWASP hosts two major web application security conferences per year, and has over 80 local chapters.

The following OWASP projects are most likely to be useful:

Books

By necessity, this is not an exhaustive list. Use these references to find the appropriate area in your local bookstore and pick a few titles (including potentially one or more of the following) that suit your needs:

  • [ALS1] Alshanetsky, I. “php|architect's Guide to PHP Security”, ISBN 0973862106
  • [BAI1] Baier, D., “Developing more secure ASP.NET 2.0 Applications”, ISBN 978-0-7356-2331-6
  • [GAL1] Gallagher T., Landauer L., Jeffries B., "Hunting Security Bugs", Microsoft Press, ISBN 073562187X
  • [GRO1] Fogie, Grossman, Hansen, Rager, “Cross Site Scripting Attacks: XSS Exploits and Defense”, ISBN 1597491543
  • [HOW1] Howard M., Lipner S., "The Security Development Lifecycle", Microsoft Press, ISBN 0735622140
  • [SCH1] Schneier B., “Practical Cryptography”, Wiley, ISBN 047122894X
  • [SHI1] Shiflett, C., “Essential PHP Security”, ISBN 059600656X
  • [WYS1] Wysopal et al, The Art of Software Security Testing: Identifying Software Security Flaws, ISBN 0321304861

Web Sites

