Difference between revisions of "OWASP Testing Guide Appendix B: Suggested Reading"
Edit summary: (→Useful Websites)

Changes in this revision, relative to the previous one:
- Whitepapers: two entries added, Darrin Barrall's "Automated Cookie Analysis" and "Security in the SDLC (NIST)"; the remaining entries, previously split across several lines, are each placed on one line together with their URL.
- Books: URLs added to Secure Coding, Building Secure Software, Writing Secure Code, Innocent Code, Exploiting Software, the Secure Programming for Linux and Unix HOWTO, Mastering the Requirements Process and The Unified Modeling Language; the Software Testing In The Real World entry joined onto one line; Securing Java (McGraw and Felten) added.
- Articles: the Mark Curphey entry rewritten on one line with its link.
- Useful Websites: URLs added to every entry (OWASP, SANS, Secure Coding, Secure Coding Guidelines for the .NET Framework, Security in the Java platform, OASIS WAS XML).
- Unchanged: the section headings, the Beizer, Huseby, McGraw/Hoglund, Robertson and Scambray/Shema book entries, and the category tag {{Category:OWASP Testing Project AoC}}.
Revision as of 16:42, 6 December 2006
Whitepapers
- Darrin Barrall: "Automated Cookie Analysis" - http://www.spidynamics.com/assets/documents/SPIcookies.pdf
- Security in the SDLC (NIST) - http://csrc.nist.gov/publications/nistpubs/800-64/NIST-SP800-64.pdf
- The OWASP Guide to Building Secure Web Applications - http://www.owasp.org/index.php/Category:OWASP_Guide_Project
- The Economic Impacts of Inadequate Infrastructure for Software Testing - http://www.nist.gov/director/prog-ofc/report02-3.pdf
- Threats and Countermeasures: Improving Web Application Security - http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/threatcounter.asp
- The Security of Applications: Not All Are Created Equal - http://www.atstake.com/research/reports/acrobat/atstake_app_unequal.pdf
- The Security of Applications Reloaded - http://www.atstake.com/research/reports/acrobat/atstake_app_reloaded.pdf
- Use Cases: Just the FAQs and Answers - http://www-106.ibm.com/developerworks/rational/library/content/RationalEdge/jan03/UseCaseFAQS_TheRationalEdge_Jan2003.pdf
Books
- Beizer, Boris, Software Testing Techniques, 2nd Edition, © 1990 International Thomson Computer Press, ISBN 0442206720
- Secure Coding, by Mark Graff and Ken Van Wyk, published by O'Reilly, ISBN 0596002424 (2003) - http://www.securecoding.org
- Building Secure Software: How to Avoid Security Problems the Right Way, by Gary McGraw and John Viega, published by Addison-Wesley Pub Co, ISBN 020172152X (2002) - http://www.buildingsecuresoftware.com
- Writing Secure Code, by Mike Howard and David LeBlanc, published by Microsoft Press, ISBN 0735617228 (2003) - http://www.microsoft.com/mspress/books/5957.asp
- Innocent Code: A Security Wake-Up Call for Web Programmers, by Sverre Huseby, published by John Wiley & Sons, ISBN 0470857447 (2004) - http://innocentcode.thathost.com
- Exploiting Software: How to Break Code, by Gary McGraw and Greg Hoglund, published by Addison-Wesley Pub Co, ISBN 0201786958 (2004) - http://www.exploitingsoftware.com
- Secure Programming for Linux and Unix HOWTO, by David Wheeler (2004) - http://www.dwheeler.com/secure-programs
- Mastering the Requirements Process, by Suzanne Robertson and James Robertson, published by Addison-Wesley Professional, ISBN 0201360462 - http://www.systemsguild.com/GuildSite/Robs/RMPBookPage.html
- The Unified Modeling Language: A User Guide - http://www.awprofessional.com/catalog/product.asp?product_id=%7B9A2EC551-6B8D-4EBC-A67E-84B883C6119F%7D
- Web Applications (Hacking Exposed), by Joel Scambray and Mike Shema, published by McGraw-Hill Osborne Media, ISBN 007222438X
- Software Testing In The Real World (ACM Press Books), by Edward Kit, published by Addison-Wesley Professional, ISBN 0201877562 (1995)
- Securing Java, by Gary McGraw and Edward W. Felten, published by Wiley, ISBN 047131952X (1999) - http://www.securingjava.com
Articles
- Web Application Security is Not an Oxy-Moron, by Mark Curphey - http://www.sbq.com/sbq/app_security/index.html
Useful Websites
- OWASP - http://www.owasp.org
- SANS - http://www.sans.org
- Secure Coding - http://www.securecoding.org
- Secure Coding Guidelines for the .NET Framework - http://msdn.microsoft.com/security/securecode/bestpractices/default.aspx?pull=/library/en-us/dnnetsec/html/seccodeguide.asp
- Security in the Java platform - http://java.sun.com/security
- OASIS WAS XML - http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=was