This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "OWASP Testing Guide Appendix B: Suggested Reading"

From OWASP
Jump to: navigation, search
 
(10 intermediate revisions by 3 users not shown)
Line 20: Line 20:
  
 
* Use Cases: Just the FAQs and Answers – http://www.ibm.com/developerworks/rational/library/content/RationalEdge/jan03/UseCaseFAQS_TheRationalEdge_Jan2003.pdf
 
* Use Cases: Just the FAQs and Answers – http://www.ibm.com/developerworks/rational/library/content/RationalEdge/jan03/UseCaseFAQS_TheRationalEdge_Jan2003.pdf
 
 
[[Category:FIXME|broken link
 
[[Category:FIXME|broken link
 
 
* ''Web Application Security is Not an Oxy-Moron, by Mark Curphey'' - http://www.sbq.com/sbq/app_security/index.html
 
* ''Web Application Security is Not an Oxy-Moron, by Mark Curphey'' - http://www.sbq.com/sbq/app_security/index.html
 
* ''The Security of Applications Reloaded'' - http://www.atstake.com/research/reports/acrobat/atstake_app_reloaded.pdf
 
* ''The Security of Applications Reloaded'' - http://www.atstake.com/research/reports/acrobat/atstake_app_reloaded.pdf
 +
]]
  
]]
 
  
 
==Books==
 
==Books==
Line 44: Line 42:
 
*+ Online version available at: http://books.google.com/books?id=AO2fsAPVC34C&printsec=frontcover&source=gbs_ge_summary_r&cad=0#v=onepage&q&f=false
 
*+ Online version available at: http://books.google.com/books?id=AO2fsAPVC34C&printsec=frontcover&source=gbs_ge_summary_r&cad=0#v=onepage&q&f=false
  
* Hacking Exposed: Web Applications 3, by Joel Scambray, Vinvent Liu, Caleb Sima, published by McGraw-Hill Osborne Media, ISBN 007222438X(2010) - http://www.webhackingexposed.com/
+
* Hacking Exposed: Web Applications 3, by Joel Scambray, Vinvent Liu, Caleb Sima, published by McGraw-Hill Osborne Media, ISBN 007222438X (2010) - http://www.webhackingexposed.com/
 +
 
 +
* The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws, 2nd Edition - published by Dafydd Stuttard, Marcus Pinto, ISBN  9781118026472 (2011)
  
 
* How to Break Software Security, by James Whittaker, Herbert H. Thompson, published by Addison Wesley, ISBN 0321194330 (2003)   
 
* How to Break Software Security, by James Whittaker, Herbert H. Thompson, published by Addison Wesley, ISBN 0321194330 (2003)   
Line 52: Line 52:
 
* Innocent Code: A Security Wake-Up Call for Web Programmers, by Sverre Huseby, published by John Wiley & Sons, ISBN 0470857447(2004) - http://innocentcode.thathost.com  
 
* Innocent Code: A Security Wake-Up Call for Web Programmers, by Sverre Huseby, published by John Wiley & Sons, ISBN 0470857447(2004) - http://innocentcode.thathost.com  
  
Online version available at: http://books.google.com/books?id=RjVjgPQsKogC&printsec=frontcover&source=gbs_ge_summary_r&cad=0#v=onepage&q&f=false
+
*+ Online version available at: http://books.google.com/books?id=RjVjgPQsKogC&printsec=frontcover&source=gbs_ge_summary_r&cad=0#v=onepage&q&f=false
  
 
* Mastering the Requirements Process, by Suzanne Robertson and James Robertson, published by Addison-Wesley Professional, ISBN 0201360462   
 
* Mastering the Requirements Process, by Suzanne Robertson and James Robertson, published by Addison-Wesley Professional, ISBN 0201360462   
Line 58: Line 58:
 
*+ Online version available at: http://books.google.com/books?id=SN4WegDHVCcC&printsec=frontcover&source=gbs_ge_summary_r&cad=0#v=onepage&q&f=false
 
*+ Online version available at: http://books.google.com/books?id=SN4WegDHVCcC&printsec=frontcover&source=gbs_ge_summary_r&cad=0#v=onepage&q&f=false
  
* Secure Coding: Principles and Practices, by Mark Graff and Kenneth R. Van Wyk, published by O’Reilly, ISBN 0596002424(2003) - http://www.securecoding.org  
+
* Secure Coding: Principles and Practices, by Mark Graff and Kenneth R. Van Wyk, published by O’Reilly, ISBN 0596002424 (2003) - http://www.securecoding.org  
  
 
* Secure Programming for Linux and Unix HOWTO, David Wheeler (2004) http://www.dwheeler.com/secure-programs  
 
* Secure Programming for Linux and Unix HOWTO, David Wheeler (2004) http://www.dwheeler.com/secure-programs  
Online version:
+
*+ Online version: http://www.dwheeler.com/secure-programs/Secure-Programs-HOWTO/index.html
http://www.dwheeler.com/secure-programs/Secure-Programs-HOWTO/index.html
 
  
 
* Securing Java, by Gary McGraw, Edward W. Felten, published by Wiley, ISBN 047131952X (1999) - http://www.securingjava.com  
 
* Securing Java, by Gary McGraw, Edward W. Felten, published by Wiley, ISBN 047131952X (1999) - http://www.securingjava.com  
Line 81: Line 80:
  
 
* Writing Secure Code, by Mike Howard and David LeBlanc, published by Microsoft Press, ISBN 0735617228 (2004) http://www.microsoft.com/learning/en/us/book.aspx?ID=5957&locale=en-us
 
* Writing Secure Code, by Mike Howard and David LeBlanc, published by Microsoft Press, ISBN 0735617228 (2004) http://www.microsoft.com/learning/en/us/book.aspx?ID=5957&locale=en-us
 +
  
 
==Useful Websites==
 
==Useful Websites==
Line 105: Line 105:
  
 
* Open Source Software Testing Tools - http://www.opensourcetesting.org/security.php
 
* Open Source Software Testing Tools - http://www.opensourcetesting.org/security.php
 +
* OWASP Security Blitz - https://www.owasp.org/index.php/OWASP_Security_Blitz
  
 
* OWASP Phoenix/Tool - https://www.owasp.org/index.php/Phoenix/Tools
 
* OWASP Phoenix/Tool - https://www.owasp.org/index.php/Phoenix/Tools
 +
* SANS Internet Storm Center (ISC) - https://www.isc.sans.edu
  
 
* The Open Web Application Application Security Project (OWASP) — http://www.owasp.org  
 
* The Open Web Application Application Security Project (OWASP) — http://www.owasp.org  
Line 125: Line 127:
  
 
* Web Security – Articles - http://www.acunetix.com/websitesecurity/articles/
 
* Web Security – Articles - http://www.acunetix.com/websitesecurity/articles/
 +
 +
* Testing Client Side Security issues: http://www.domxss.com
 +
  
 
==Videos==
 
==Videos==
Line 133: Line 138:
  
 
* Videos by Imperva - http://www.imperva.com/resources/videos.asp
 
* Videos by Imperva - http://www.imperva.com/resources/videos.asp
 +
  
 
==Deliberately Insecure Web Applications==
 
==Deliberately Insecure Web Applications==
 +
 +
* OWASP Vulnerable Web Applications Directory Project - https://www.owasp.org/index.php/OWASP_Vulnerable_Web_Applications_Directory_Project#tab=Main
  
 
* BadStore - http://www.badstore.net/  
 
* BadStore - http://www.badstore.net/  
Line 163: Line 171:
  
 
* WebMaven (better known as Buggy Bank) - http://www.mavensecurity.com/WebMaven.php
 
* WebMaven (better known as Buggy Bank) - http://www.mavensecurity.com/WebMaven.php
 +
 +
* DOMXSS - JavaScript Security: http://www.domxss.com

Latest revision as of 09:18, 20 January 2017

This article is part of the new OWASP Testing Guide v4.
Back to the OWASP Testing Guide v4 ToC: https://www.owasp.org/index.php/OWASP_Testing_Guide_v4_Table_of_Contents Back to the OWASP Testing Guide Project: https://www.owasp.org/index.php/OWASP_Testing_Project

Whitepapers


Books

  • The Art of Software Security Testing: Identifying Software Security Flaws, by Chris Wysopal, Lucas Nelson, Dino Dai Zovi, Elfriede Dustin, published by Addison-Wesley, ISBN 0321304861 (2006)
  • The Ethical Hack: A Framework for Business Value Penetration Testing, By James S. Tiller, Auerbach Publications, ISBN 084931609X (2005)
  • The Hacker's Handbook: The Strategy behind Breaking into and Defending Networks, By Susan Young, Dave Aitel, Auerbach Publications, ISBN: 0849308887 (2005)
  • The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws, 2nd Edition - published by Dafydd Stuttard, Marcus Pinto, ISBN 9781118026472 (2011)
  • How to Break Software Security, by James Whittaker, Herbert H. Thompson, published by Addison Wesley, ISBN 0321194330 (2003)
  • How to Break Software: Functional and Security Testing of Web Applications and Web Services, by Make Andrews, James A. Whittaker, published by Pearson Education Inc., ISBN 0321369440 (2006)
  • Mastering the Requirements Process, by Suzanne Robertson and James Robertson, published by Addison-Wesley Professional, ISBN 0201360462
  • Software Security: Building Security In, by Gary McGraw, published by Addison-Wesley Professional, ISBN 0321356705 (2006)
  • Software Testing In The Real World (Acm Press Books) by Edward Kit, published by Addison-Wesley Professional, ISBN 0201877562 (1995)
  • Software Testing Techniques, 2nd Edition, By Boris Beizer, International Thomson Computer Press, ISBN 0442206720 (1990)
  • The Tangled Web: A Guide to Securing Modern Web Applications, by Michael Zalewski, published by No Starch Press Inc., ISBN 047131952X (2011)
  • The Unified Modeling Language – A User Guide – by Grady Booch, James Rumbaugh, Ivar Jacobson, published by Addison-Wesley Professional, ISBN 0321267974 (2005)
  • The Unified Modeling Language User Guide, by Grady Booch, James Rumbaugh, Ivar Jacobson, Ivar published by Addison-Wesley Professional, ISBN 0-201-57168-4 (1998)
  • Web Security Testing Cookbook: Systematic Techniques to Find Problems Fast, by Paco Hope, Ben Walther, published by O’Reilly, ISBN 0596514832 (2008)


Useful Websites


Videos


Deliberately Insecure Web Applications

  • Hacme Series from McAfee: