Top 10 2007-References
OWASP Projects
OWASP is the premier site for web application security. The OWASP site hosts many projects, forums, blogs, presentations, tools, and papers. OWASP hosts two major web application security conferences per year and has over 80 local chapters.
The following OWASP projects are most likely to be useful:
- OWASP Guide to Building Secure Web Applications
- OWASP Testing Guide
- OWASP Code Review Project (in development)
- OWASP PHP Project (in development)
- OWASP Java Project
- OWASP .NET Project
Books
By necessity, this is not an exhaustive list. Use these references to find the appropriate area in your local bookstore and pick a few titles (including potentially one or more of the following) that suit your needs:
- [ALS1] Alshanetsky, I., "php|architect's Guide to PHP Security", ISBN 0973862106
- [BAI1] Baier, D., "Developing More Secure ASP.NET 2.0 Applications", ISBN 978-0-7356-2331-6
- [GAL1] Gallagher, T., Landauer, L., Jeffries, B., "Hunting Security Bugs", Microsoft Press, ISBN 073562187X
- [GRO1] Fogie, Grossman, Hansen, Rager, "Cross Site Scripting Attacks: XSS Exploits and Defense", ISBN 1597491543
- [HOW1] Howard, M., Lipner, S., "The Security Development Lifecycle", Microsoft Press, ISBN 0735622140
- [SCH1] Ferguson, N., Schneier, B., "Practical Cryptography", Wiley, ISBN 047122894X
- [SHI1] Shiflett, C., "Essential PHP Security", ISBN 059600656X
- [WYS1] Wysopal, C., et al., "The Art of Software Security Testing: Identifying Software Security Flaws", ISBN 0321304861
Web Sites
- OWASP, http://www.owasp.org
- MITRE, Common Weakness Enumeration – Vulnerability Trends, http://cwe.mitre.org/documents/vuln-trends.html
- Web Application Security Consortium, http://www.webappsec.org/
- SANS Top 20, http://www.sans.org/top20/
- PCI Security Standards Council, publishers of the PCI standards, relevant to all organizations processing or holding credit card data, https://www.pcisecuritystandards.org/
- PCI DSS v1.1, https://www.pcisecuritystandards.org/pdfs/pci_dss_v1-1.pdf
- Build Security In, US CERT, https://buildsecurityin.us-cert.gov/daisy/bsi/home.html