Difference between revisions of "OWASP Testing Guide Appendix B: Suggested Reading"

Revision as of 13:06, 23 August 2008

OWASP Testing Guide v3 Table of Contents

This article is part of the OWASP Testing Guide v3. The entire OWASP Testing Guide v3 can be downloaded here.

OWASP at the moment is working at the OWASP Testing Guide v4: you can browse the Guide here

Whitepapers

• Security in the SDLC (NIST) - http://csrc.nist.gov/publications/nistpubs/800-64/NIST-SP800-64.pdf

• The OWASP Guide to Building Secure Web Applications - http://www.owasp.org/index.php/Category:OWASP_Guide_Project

• The Economic Impacts of Inadequate Infrastructure for Software Testing - http://www.nist.gov/director/prog-ofc/report02-3.pdf

• Threats and Countermeasures: Improving Web Application Security - http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/threatcounter.asp

• Web Application Security is Not an Oxy-Moron, by Mark Curphey - http://www.sbq.com/sbq/app_security/index.html

• The Security of Applications: Not All Are Created Equal - http://www.atstake.com/research/reports/acrobat/atstake_app_unequal.pdf

• The Security of Applications Reloaded - http://www.atstake.com/research/reports/acrobat/atstake_app_reloaded.pdf

• Use Cases: Just the FAQs and Answers - http://www-106.ibm.com/developerworks/rational/library/content/RationalEdge/jan03/UseCaseFAQS_TheRationalEdge_Jan2003.pdf

Books

• James S. Tiller: "The Ethical Hack: A Framework for Business Value Penetration Testing", Auerbach, ISBN: 084931609X

• Susan Young, Dave Aitel: "The Hacker's Handbook: The Strategy behind Breaking into and Defending Networks", Auerbach, ISBN: 0849308887

• Secure Coding, by Mark Graff and Ken Van Wyk, published by O’Reilly, ISBN 0596002424(2003) - http://www.securecoding.org

• Building Secure Software: How to Avoid Security Problems the Right Way, by Gary McGraw and John Viega, published by Addison-Wesley Pub Co, ISBN 020172152X (2002) - http://www.buildingsecuresoftware.com

• Writing Secure Code, by Mike Howard and David LeBlanc, published by Microsoft Press, ISBN 0735617228 (2003) http://www.microsoft.com/mspress/books/5957.asp

• Innocent Code: A Security Wake-Up Call for Web Programmers, by Sverre Huseby, published by John Wiley & Sons, ISBN 0470857447(2004) - http://innocentcode.thathost.com

• Exploiting Software: How to Break Code, by Gary McGraw and Greg Hoglund, published by Addison-Wesley Pub Co, ISBN 0201786958 (2004) -http://www.exploitingsoftware.com

• Secure Programming for Linux and Unix HOWTO, David Wheeler (2004) - http://www.dwheeler.com/secure-programs

• Mastering the Requirements Process, by Suzanne Robertson and James Robertsonn, published by Addison-Wesley Professional, ISBN 0201360462 - http://www.systemsguild.com/GuildSite/Robs/RMPBookPage.html

• The Unified Modeling Language – A User Guide - http://www.awprofessional.com/catalog/product.asp?product_id=%7B9A2EC551-6B8D-4EBC-A67E-84B883C6119F%7D

• Web Applications (Hacking Exposed) by Joel Scambray and Mike Shema, published by McGraw-Hill Osborne Media, ISBN 007222438X

• Software Testing In The Real World (Acm Press Books) by Edward Kit, published by Addison-Wesley Professional, ISBN 0201877562 (1995)

• Securing Java, by Gary McGraw, Edward W. Felten, published by Wiley, ISBN 047131952X (1999) - http://www.securingjava.com

• Beizer, Boris, Software Testing Techniques, 2nd Edition, © 1990 International Thomson Computer Press, ISBN 0442206720

Useful Websites

• OWASP — http://www.owasp.org

• SANS - http://www.sans.org

• Secure Coding — http://www.securecoding.org

• Secure Coding Guidelines for the .NET Framework - http://msdn.microsoft.com/security/securecode/bestpractices/default.aspx?pull=/library/en-us/dnnetsec/html/seccodeguide.asp

• Security in the Java platform — http://java.sun.com/security

• OASIS WAS XML — http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=was