WebApp Sec: Re: testing web app security

From: A.D. Douma <addouma_at_home.nl>
Date: Fri, 19 Mar 2004 22:57:09 +0100

Books:
Hacking 'Web Applications' Exposed, Osborne
Web Hacking, Osborne
Secure Coding - Principles & Practices, O'Reilly
Exploiting Software, Addison Wesley
The Shellcoder's Handbook : Discovering and Exploiting Security Holes, John Wiley & Sons

Software:
There are many automated web application auditing tools around. For example, you can
get a 7-day trial license on sanctuminc.com's AppScan. Not a complete solution but a good
way to see what shape the webapp is in (in my opinion).

One site of course is www.owasp.org.

Best regards,

Andrew

----- Original Message -----
From: "Michael Cunningham" <crayola_at_optonline.net>
To: <webappsec_at_securityfocus.com>
Sent: Friday, March 19, 2004 8:33 PM
Subject: testing web app security

> Folks,
>
> I am going to have to take on the task of testing software
> applications my company produces as they roll through the
> QA/UAT process for security concerns (can't hire anyone and software
> to automate the testing seems to be very expensive). They are
> mainly web based applications with a database backend
> and some custom Java and C programs. I am aware of how SQL
> injection, buffer overflows, cross site scripting, and other
> security programming problems work, but I don't have a whole lot
> of experience applying this knowledge to application testing.
>
> Are there any training courses or documents/books you can
> suggest that would help me learn the skills I need to
> make this happen? Does anyone have a site that lists tools
> (open source preferred) that I could use to help me test these
> applications?
>
> Thanks for any help you can offer,
> Mike
>
Received on Mar 19 2004
