OWASP Testing Guide Appendix B: Suggested Reading

Revision as of 18:56, 1 August 2006 by Weilin Zhong


Whitepapers

  • Security in the SDLC (NIST)

http://csrc.nist.gov/publications/nistpubs/800-64/NIST-SP800-64.pdf Note: Need to change to official link.

  • The OWASP Guide to Building Secure Web Applications (Version 1.0)

http://www.owasp.org/documentation/guide

  • The OWASP Guide to Building Secure Web Applications (Working Draft Version 2.0)

http://www.owasp.org/documentation/guide current

  • The Economic Impacts of Inadequate Infrastructure for Software Testing

http://www.nist.gov/director/prog-ofc/report02-3.pdf

  • Threats and Countermeasures – Improving Web Application Security

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/threatcounter.asp

  • The Security of Applications: Not All Are Created Equal

http://www.atstake.com/research/reports/acrobat/atstake_app_unequal.pdf

  • The Security of Applications Reloaded

http://www.atstake.com/research/reports/acrobat/atstake_app_reloaded.pdf

  • Use Cases: Just the FAQs and Answers

http://www-106.ibm.com/developerworks/rational/library/content/RationalEdge/jan03/UseCaseFAQS_TheRationalEdge_Jan2003.pdf

Books

  • Beizer, Boris, Software Testing Techniques, 2nd Edition, © 1990 International Thomson Computer Press, ISBN 0442206720
  • Secure Coding, by Mark Graff and Ken Van Wyk, published by O’Reilly, ISBN 0596002424 (2003)

http://www.securecoding.org

  • Building Secure Software: How to Avoid Security Problems the Right Way, by Gary McGraw and John Viega, published by Addison-Wesley Pub Co, ISBN 020172152X (2002)

http://www.buildingsecuresoftware.com

  • Writing Secure Code, by Mike Howard and David LeBlanc, published by Microsoft Press, ISBN 0735617228 (2003)

http://www.microsoft.com/mspress/books/5957.asp

  • Innocent Code: A Security Wake-Up Call for Web Programmers, by Sverre Huseby, published by John Wiley & Sons, ISBN 0470857447 (2004)

http://innocentcode.thathost.com

  • Exploiting Software: How to Break Code, by Gary McGraw and Greg Hoglund, published by Addison-Wesley Pub Co, ISBN 0201786958 (2004)

http://www.exploitingsoftware.com

  • Secure Programming for Linux and Unix HOWTO, David Wheeler (2004)

http://www.dwheeler.com/secure-programs/

  • Mastering the Requirements Process, by Suzanne Robertson and James Robertson, published by Addison-Wesley Professional, ISBN 0201360462

http://www.systemsguild.com/GuildSite/Robs/RMPBookPage.html

  • The Unified Modeling Language – A User Guide

http://www.awprofessional.com/catalog/product.asp?product_id=%7B9A2EC551-6B8D-4EBC-A67E-84B883C6119F%7D

  • Web Applications (Hacking Exposed) by Joel Scambray and Mike Shema, published by McGraw-Hill Osborne Media, ISBN 007222438X
  • Software Testing In The Real World (ACM Press Books), by Edward Kit, published by Addison-Wesley Professional, ISBN 0201877562 (1995)

  • Securing Java, by Gary McGraw, Edward W. Felten, published by Wiley, ISBN 047131952X (1999)

http://www.securingjava.com/

Articles

  • Web Application Security is Not an Oxy-Moron, by Mark Curphey

http://www.sbq.com/sbq/app_security/index.html

  • Software Security Testing – Back to Basics (The OWASP Testing Framework), by Mark Curphey

http://softwaremag.com

Useful Websites


Additional resources are available at http://www.securecoding.org/companion/links.php
