Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



WebApp Sec: RE: Any details on this book?

RE: Any details on this book?

From: Eric Rachner <eric_at_mostly.harmless.org>
Date: Mon, 23 Aug 2004 11:34:56 -0700

The book project is temporarily on ice, basically because all of its
authors (myself included) are too busy assessing applications to also
produce a high-quality book on a concurrent, controlled schedule.

Of course, it's in the career interests of the authors to get published,
so it's only a matter of time before the project is thawed out.

In the mean time, some of the material originally intended for the book
has been published in this month's issue of aspnetPRO magazine:
www.aspnetpro.com (see the article about the "One-Click Attack")

- Eric

-----Original Message-----
From: Mads Rasmussen [mailto:mads_at_opencs.com.br]
Sent: Wednesday, July 07, 2004 10:28 AM
To: Webappsec List
Subject: Any details on this book?

Maybe Michael Howard can shed more light on the contents of this
upcoming (August according to Amazon) book:

(the microsoft link for the book doesn't work though and searching for
it at microsoft doesn't bring any meaningful results)

http://cyberforge.com/weblog/aniltj/archive/2003/11/15/167.aspx

Web Application Security Assessment
http://www.microsoft.com/MSPress/books/7194.asp

Examine Microsoft's structured methodology for reviewing Web
applications for security bugs-from design to deployment-and apply
proven practices and code to your own development efforts. Now you can
benefit from the many lessons Microsoft has learned about testing Web
applications for security bugs. A must-have reference for every Web
developer and tester, this book presents a comprehensive, structured
methodology for identifying and addressing the most common, real-world
security issues for Web applications throughout the development process.

Written by the principal, front-line Web security assessment team at
Microsoft, this guide walks you through each of the critical stages for
effective security testing, including designing for and assessing
security features; identifying security vulnerabilities and executing
the assessment; and enhancing infrastructure security before application

deployment, including best practices for locking down MicrosoftR Windows

ServerT 2003, Microsoft Internet Information Services (IIS), and
Microsoft SQL Server. Get the entire book's sample code via the Web-and
easily apply this expert author team's techniques and tools to your own
programs. 

-- 
Mads Rasmussen, M.Sc.
Open Communications Security
www.opencs.com.br
+55 11 3345 2525
Received on Aug 24 2004
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]