Difference between revisions of "OWASP Testing Guide Appendix B: Suggested Reading"
Revision as of 16:06, 21 November 2012
This article is part of the new OWASP Testing Guide v4.
Back to the OWASP Testing Guide v4 ToC: https://www.owasp.org/index.php/OWASP_Testing_Guide_v4_Table_of_Contents
Back to the OWASP Testing Guide Project: https://www.owasp.org/index.php/OWASP_Testing_Project
Whitepapers
- The Economic Impacts of Inadequate Infrastructure for Software Testing - http://www.nist.gov/director/planning/upload/report02-3.pdf
- Improving Web Application Security: Threats and Countermeasures - http://msdn.microsoft.com/en-us/library/ff649874.aspx
- NIST Publications - http://csrc.nist.gov/publications/PubsSPs.html
- The Open Web Application Security Project (OWASP) Guide Project - https://www.owasp.org/index.php/Category:OWASP_Guide_Project
- Security Considerations in the System Development Life Cycle (NIST) - http://www.nist.gov/customcf/get_pdf.cfm?pub_id=890097
- The Security of Applications: Not All Are Created Equal - http://www.securitymanagement.com/archive/library/atstake_tech0502.pdf
- Software Assurance: An Overview of Current Practices - http://www.safecode.org/publications/SAFECode_BestPractices0208.pdf
- Software Security Testing: Software Assurance Pocket Guide Series: Development, Volume III - https://buildsecurityin.us-cert.gov/swa/downloads/SoftwareSecurityTesting_PocketGuide_1%200_05182012_PostOnline.pdf
- Use Cases: Just the FAQs and Answers - http://www.ibm.com/developerworks/rational/library/content/RationalEdge/jan03/UseCaseFAQS_TheRationalEdge_Jan2003.pdf
Books
- The Ethical Hack: A Framework for Business Value Penetration Testing, by James S. Tiller, published by Auerbach, ISBN 084931609X
- The Hacker's Handbook: The Strategy behind Breaking into and Defending Networks, by Susan Young and Dave Aitel, published by Auerbach, ISBN 0849308887
- Secure Coding, by Mark Graff and Ken Van Wyk, published by O'Reilly, ISBN 0596002424 (2003) - http://www.securecoding.org
- Building Secure Software: How to Avoid Security Problems the Right Way, by Gary McGraw and John Viega, published by Addison-Wesley Pub Co, ISBN 020172152X (2002) - http://www.buildingsecuresoftware.com
- Writing Secure Code, by Mike Howard and David LeBlanc, published by Microsoft Press, ISBN 0735617228 (2003) - http://www.microsoft.com/mspress/books/5957.asp
- Innocent Code: A Security Wake-Up Call for Web Programmers, by Sverre Huseby, published by John Wiley & Sons, ISBN 0470857447 (2004) - http://innocentcode.thathost.com
- Exploiting Software: How to Break Code, by Gary McGraw and Greg Hoglund, published by Addison-Wesley Pub Co, ISBN 0201786958 (2004) - http://www.exploitingsoftware.com
- Secure Programming for Linux and Unix HOWTO, by David Wheeler (2004) - http://www.dwheeler.com/secure-programs
- Mastering the Requirements Process, by Suzanne Robertson and James Robertson, published by Addison-Wesley Professional, ISBN 0201360462 - http://www.systemsguild.com/GuildSite/Robs/RMPBookPage.html
- The Unified Modeling Language: A User Guide - http://www.awprofessional.com/catalog/product.asp?product_id=%7B9A2EC551-6B8D-4EBC-A67E-84B883C6119F%7D
- Web Applications (Hacking Exposed), by Joel Scambray and Mike Shema, published by McGraw-Hill Osborne Media, ISBN 007222438X
- Software Testing In The Real World (ACM Press Books), by Edward Kit, published by Addison-Wesley Professional, ISBN 0201877562 (1995)
- Securing Java, by Gary McGraw and Edward W. Felten, published by Wiley, ISBN 047131952X (1999) - http://www.securingjava.com
- Software Testing Techniques, 2nd Edition, by Boris Beizer, published by International Thomson Computer Press, ISBN 0442206720 (1990)
Useful Websites
- Build Security In - https://buildsecurityin.us-cert.gov/bsi/home.html
- Build Security In – Security-Specific Bibliography - https://buildsecurityin.us-cert.gov/bsi/articles/best-practices/measurement/1070-BSI.html
- CERT Secure Coding - http://www.cert.org/secure-coding/
- CERT Secure Coding Standards - https://www.securecoding.cert.org/confluence/display/seccode/CERT+Secure+Coding+Standards
- Exploit and Vulnerability Databases - https://buildsecurityin.us-cert.gov/swa/database.html
- Google Code University – Web Security - http://code.google.com/edu/security/index.html
- McAfee Foundstone Publications - http://www.mcafee.com/apps/view-all/publications.aspx?tf=foundstone&sz=10
- McAfee – Resources Library - http://www.mcafee.com/apps/resource-library-search.aspx?region=us
- McAfee Free Tools - http://www.mcafee.com/us/downloads/free-tools/index.aspx
- OASIS Web Application Security (WAS) TC - http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=was
- Open Source Software Testing Tools - http://www.opensourcetesting.org/security.php
- OWASP Phoenix/Tool - https://www.owasp.org/index.php/Phoenix/Tools
- The Open Web Application Security Project (OWASP) - http://www.owasp.org
- Pentestmonkey - Pen Testing Cheat Sheets - http://pentestmonkey.net/cheat-sheet
- Secure Coding Guidelines for the .NET Framework 4.5 - http://msdn.microsoft.com/en-us/library/8a3x2b7f.aspx
- Security in the Java platform - http://docs.oracle.com/javase/6/docs/technotes/guides/security/overview/jsoverview.html
- System Administration, Networking, and Security Institute (SANS) - http://www.sans.org
- Technical INFO – Making Sense of Security - http://www.technicalinfo.net/index.html
- Web Application Security Consortium - http://www.webappsec.org/projects/
- Web Application Security Scanner List - http://projects.webappsec.org/w/page/13246988/Web%20Application%20Security%20Scanner%20List
- Web Security – Articles - http://www.acunetix.com/websitesecurity/articles/
Videos
- OWASP Appsec Tutorial Series - https://www.owasp.org/index.php/OWASP_Appsec_Tutorial_Series
- SecurityTube - http://www.securitytube.net/
- Videos by Imperva - http://www.imperva.com/resources/videos.asp
Deliberately Insecure Web Applications
- BadStore - http://www.badstore.net/
- Damn Vulnerable Web App - http://www.ethicalhack3r.co.uk/damn-vulnerable-web-app/
- Hacme Series from McAfee:
  - Hacme Travel - http://www.mcafee.com/us/downloads/free-tools/hacmetravel.aspx
  - Hacme Shipping - http://www.mcafee.com/us/downloads/free-tools/hacmeshipping.aspx
  - Hacme Casino - http://www.mcafee.com/us/downloads/free-tools/hacme-casino.aspx
  - Hacme Books - http://www.mcafee.com/us/downloads/free-tools/hacmebooks.aspx
- Mutillidae - http://www.irongeek.com/i.php?page=mutillidae/mutillidae-deliberately-vulnerable-php-owasp-top-10
- Stanford SecuriBench - http://suif.stanford.edu/~livshits/securibench/
- Vicnum - http://vicnum.sourceforge.net/ and http://www.owasp.org/index.php/Category:OWASP_Vicnum_Project
- WebMaven (better known as Buggy Bank) - http://www.mavensecurity.com/WebMaven.php