Difference between revisions of "Top 10 2007-References"
Line 2: | Line 2: | ||
− | {{FIXUP|Neil Smithline| | + | {{FIXUP|Neil Smithline|Replace With Final Text Here}} |
+ | |||
+ | |||
+ | |||
+ | |||
+ | == OWASP Projects == | ||
+ | |||
+ | OWASP is the premier site for web application security. The [http://www.owasp.org/ OWASP site] hosts many [http://www.owasp.org/index.php/Category:OWASP_Project projects], [http://forum.owasp.org/ forums], [http://blogs.owasp.org/ blogs], [http://www.owasp.org/index.php/Category:OWASP_Presentations presentations], [http://www.owasp.org/index.php/Category:OWASP_Project tools], and [http://www.owasp.org/index.php/Category:OWASP_Papers papers]. OWASP hosts two major [http://www.owasp.org/index.php/Category:OWASP_AppSec_Conference web application security conferences] per year, and has over 80 local [http://www.owasp.org/index.php/Category:OWASP_Chapter chapters]. | ||
+ | |||
+ | The following OWASP projects are most likely to be useful: | ||
+ | |||
+ | *[http://www.owasp.org/index.php/Category:OWASP_Guide_Project OWASP Guide to Building Secure Web Applications] | ||
+ | *[http://www.owasp.org/index.php/Category:OWASP_Testing_Project OWASP Testing Guide] | ||
+ | *[http://www.owasp.org/index.php/Category:OWASP_Code_Review_Project OWASP Code Review Project] (in development) | ||
+ | *[http://www.owasp.org/index.php/Category:OWASP_PHP_Project OWASP PHP Project] (in development) | ||
+ | *[http://www.owasp.org/index.php/Category:OWASP_Java_Project OWASP Java Project] | ||
+ | *[http://www.owasp.org/index.php/Category:OWASP_.NET_Project OWASP .NET Project] | ||
+ | |||
+ | == Books == | ||
+ | |||
+ | *[GAL1] Gallagher T., Landauer L., Jeffries B., "''Hunting Security Bugs''", Microsoft Press, ISBN 073562187X | ||
+ | *[HOW1] Howard M., Lipner S., "''The Security Development Lifecycle''", Microsoft Press, ISBN 0735622140 | ||
+ | *[HOW2] Howard M., Le Blanc D., "Writing Secure Code", 2nd ed., Microsoft Press, ISBN 0735617228 | ||
+ | *[SCH1] Schneier B., "''Practical Cryptography''", Wiley, ISBN 047122894X | ||
+ | *[WYS1] Wysopal et al, ''The Art of Software Security Testing: Identifying Software Security Flaws'', ISBN 0321304861 | ||
+ | |||
+ | == Web Sites == | ||
+ | |||
+ | *OWASP, [http://www.owasp.org/ http://www.owasp.org] | ||
+ | *MITRE, Common Weakness Enumeration – Vulnerability Trends, [http://cwe.mitre.org/documents/vuln-trends.html http://cwe.mitre.org/documents/vuln-trends.html] | ||
+ | *SANS Top 20, [http://www.sans.org/top20/ http://www.sans.org/top20/] | ||
+ | *PCI Security Standards Council, publishers of the PCI standards, relevant to all organizations processing or holding credit card data, [https://www.pcisecuritystandards.org/ https://www.pcisecuritystandards.org/] | ||
+ | *PCI DSS v1.1, [https://www.pcisecuritystandards.org/pdfs/pci_dss_v1-1.pdf https://www.pcisecuritystandards.org/pdfs/pci_dss_v1-1.pdf] | ||
+ | *Build Security In, US CERT, [https://buildsecurityin.us-cert.gov/daisy/bsi/home.html https://buildsecurityin.us-cert.gov/daisy/bsi/home.html] | ||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
{{Top_10_2007:TopTemplate|usenext=Nothing|next=|useprev=PrevLink|prev=-Where to Go From Here|usemain=MainLink|main=}} | {{Top_10_2007:TopTemplate|usenext=Nothing|next=|useprev=PrevLink|prev=-Where to Go From Here|usemain=MainLink|main=}} |
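Review bot: the FIXUP template at the top of this hunk still carries the placeholder text "Replace With Final Text Here", and the hunk pads the new sections with four empty lines before and five after; fill or drop the placeholder and trim the padding before this revision is treated as final. Two smaller points in the same hunk: the "tools" link in the OWASP Projects paragraph targets Category:OWASP_Project, the same page as "projects", so it is probably the wrong category; and the [HOW2] and [WYS1] book entries omit the italic title markup and (for [WYS1]) the publisher that the other entries carry, e.g. "Wysopal et al., ''The Art of Software Security Testing: Identifying Software Security Flaws'', Addison-Wesley, ISBN 0321304861" would match the style of the rest of the list only if that publisher is confirmed.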
Revision as of 01:16, 14 May 2007
OWASP Projects
OWASP is the premier site for web application security. The OWASP site hosts many projects, forums, blogs, presentations, tools, and papers. OWASP hosts two major web application security conferences per year, and has over 80 local chapters.
The following OWASP projects are most likely to be useful:
- OWASP Guide to Building Secure Web Applications
- OWASP Testing Guide
- OWASP Code Review Project (in development)
- OWASP PHP Project (in development)
- OWASP Java Project
- OWASP .NET Project
Books
- [GAL1] Gallagher T., Landauer L., Jeffries B., "Hunting Security Bugs", Microsoft Press, ISBN 073562187X
- [HOW1] Howard M., Lipner S., "The Security Development Lifecycle", Microsoft Press, ISBN 0735622140
- [HOW2] Howard M., Le Blanc D., "Writing Secure Code", 2nd ed., Microsoft Press, ISBN 0735617228
- [SCH1] Schneier B., "Practical Cryptography", Wiley, ISBN 047122894X
- [WYS1] Wysopal et al., "The Art of Software Security Testing: Identifying Software Security Flaws", ISBN 0321304861
Web Sites
- OWASP, http://www.owasp.org
- MITRE, Common Weakness Enumeration – Vulnerability Trends, http://cwe.mitre.org/documents/vuln-trends.html
- SANS Top 20, http://www.sans.org/top20/
- PCI Security Standards Council, publishers of the PCI standards, relevant to all organizations processing or holding credit card data, https://www.pcisecuritystandards.org/
- PCI DSS v1.1, https://www.pcisecuritystandards.org/pdfs/pci_dss_v1-1.pdf
- Build Security In, US CERT, https://buildsecurityin.us-cert.gov/daisy/bsi/home.html