Difference between revisions of "OWASP Testing Guide Appendix B: Suggested Reading"
(→Useful Websites) |
Line 1: | Line 1: | ||
− | {{Template:OWASP Testing Guide}} | + | [[http://www.owasp.org/index.php/Web_Application_Penetration_Testing_AoC Up]]<br> |
+ | {{Template:OWASP Testing Guide v2}} | ||
==Whitepapers== | ==Whitepapers== | ||
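Review bot: the added "Up" link on the first line wraps an external URL in double square brackets, which is MediaWiki's internal-link syntax, so the link text renders with literal brackets around it. Use the single-bracket external form, [http://www.owasp.org/index.php/Web_Application_Penetration_Testing_AoC Up], or, if the target is a page on this same wiki, an internal link such as [[Web_Application_Penetration_Testing_AoC|Up]] so it survives a change of host name.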
Line 81: | Line 82: | ||
Additional resources are available at <u>http://www.securecoding.org/companion/links.php</u> | Additional resources are available at <u>http://www.securecoding.org/companion/links.php</u> | ||
− | |||
− | {{ | + | {{Category:OWASP Testing Project AoC}} |
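Review bot: the new last line puts the category inside template braces, {{Category:OWASP Testing Project AoC}}, which transcludes the content of the category page into the article instead of adding the article to that category. If categorization is the intent, use [[Category:OWASP Testing Project AoC]].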
Revision as of 21:39, 12 November 2006
[Up]
OWASP Testing Guide v2 Table of Contents
Whitepapers
- Security in the SDLC (NIST)
http://csrc.nist.gov/publications/nistpubs/800-64/NIST-SP800-64.pdf Note: Need to change to official link.
- The OWASP Guide to Building Secure Web Applications (Version 1.0)
http://www.owasp.org/documentation/guide
- The OWASP Guide to Building Secure Web Applications (Working Draft Version 2.0)
http://www.owasp.org/documentation/guide current
- The Economic Impacts of Inadequate Infrastructure for Software Testing
http://www.nist.gov/director/prog-ofc/report02-3.pdf
- Threats and Countermeasures – Improving Web Application Security
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/threatcounter.asp
- The Security of Applications: Not All Are Created Equal
http://www.atstake.com/research/reports/acrobat/atstake_app_unequal.pdf
- The Security of Applications Reloaded
http://www.atstake.com/research/reports/acrobat/atstake_app_reloaded.pdf
- Use Cases: Just the FAQs and Answers
Books
- Beizer, Boris, Software Testing Techniques, 2nd Edition, © 1990 International Thomson Computer Press, ISBN 0442206720
- Secure Coding, by Mark Graff and Ken Van Wyk, published by O’Reilly, ISBN 0596002424 (2003)
- Building Secure Software: How to Avoid Security Problems the Right Way, by Gary McGraw and John Viega, published by Addison-Wesley Pub Co, ISBN 020172152X (2002)
http://www.buildingsecuresoftware.com
- Writing Secure Code, by Mike Howard and David LeBlanc, published by Microsoft Press, ISBN 0735617228 (2003)
http://www.microsoft.com/mspress/books/5957.asp
- Innocent Code: A Security Wake-Up Call for Web Programmers, by Sverre Huseby, published by John Wiley & Sons, ISBN 0470857447 (2004)
http://innocentcode.thathost.com
- Exploiting Software: How to Break Code, by Gary McGraw and Greg Hoglund, published by Addison-Wesley Pub Co, ISBN 0201786958 (2004)
http://www.exploitingsoftware.com
- Secure Programming for Linux and Unix HOWTO, David Wheeler (2004)
http://www.dwheeler.com/secure-programs/
- Mastering the Requirements Process, by Suzanne Robertson and James Robertson, published by Addison-Wesley Professional, ISBN 0201360462
http://www.systemsguild.com/GuildSite/Robs/RMPBookPage.html
- The Unified Modeling Language – A User Guide
- Web Applications (Hacking Exposed) by Joel Scambray and Mike Shema, published by McGraw-Hill Osborne Media, ISBN 007222438X
- Software Testing In The Real World (ACM Press Books), by Edward Kit, published by Addison-Wesley Professional, ISBN 0201877562 (1995)
- Securing Java, by Gary McGraw, Edward W. Felten, published by Wiley, ISBN 047131952X (1999)
Articles
- Web Application Security is Not an Oxy-Moron, by Mark Curphey
http://www.sbq.com/sbq/app_security/index.html
- Software Security Testing – Back to Basics (The OWASP Testing Framework), by Mark Curphey
http://softwaremag.com
Useful Websites
- OWASP — http://www.owasp.org
- Secure Coding — http://www.securecoding.org
- Secure Coding Guidelines for the .NET Framework http://msdn.microsoft.com/security/securecode/bestpractices/default.aspx?pull=/library/en-us/dnnetsec/html/seccodeguide.asp
- Security in the Java platform — http://java.sun.com/security/
- OASIS WAS XML — http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=was
Additional resources are available at http://www.securecoding.org/companion/links.php