Good WebAppSec Resources Module (to be combined) OWASP Education Project Copyright 2007 © The OWASP Foundation Permission is granted to copy, distribute and/or modify this.
Good WebAppSec Resources
Module (to be combined)
OWASP
Education Project
Copyright 2007 © The OWASP Foundation
Permission is granted to copy, distribute and/or modify this document
under the terms of the OWASP License.
The OWASP Foundation
http://www.owasp.org
Just the start!
Moving Target
Changing Ecosystem
Hard Copy
IEEE Security & Privacy (bimonthly magazine)
Security Engineering – Anderson (free download)
Building Secure Software – Viega & McGraw
Secure Coding – Graff & van Wyk
Exploiting Software: How to Break Code – Hoglund & McGraw
19 Deadly Sins of Software Security – Howard, LeBlanc & Viega
Hacking Exposed Web Applications (2nd Ed) – Joel Scambray, Mike Shema & Caleb Sima
Writing Secure Code (2nd Ed) – Howard & LeBlanc
Enterprise Java Security – Pistoia et al.
Secure Programming with Static Analysis – Brian Chess & Jacob West
The Art of Software Security Assessment – Mark Dowd, John McDonald & Justin Schuh
The Security Development Lifecycle – Michael Howard
Threat Modeling – Frank Swiderski & Window Snyder
Securing Web Services with WS-Security – Rosenberg & Remy
Core Security Patterns – Steel, Nagappan & Ray Lai
Security Metrics – Andrew Jaquith
Software Security: Building Security In – Gary McGraw
OWASP Projects Are Alive!
Project timeline shown on the slide: 2001, 2003, 2005, 2007, … 2009
Web Sites
www.owasp.org
OWASP Knowledge and Tools
Diagram on the slide, with the Core Application Security Knowledge Base at the centre and the OWASP project areas around it:
Acquiring and Building Secure Applications – Guide to Building Secure Web Applications and Web Services
Verifying Application Security – Guide to Application Security Testing and Guide to Application Security Code Review
Research to Secure New Technologies – Research Projects on Securing New Technologies (like Web Services & Ajax)
Managing Application Security – Guidance and Tools for Measuring and Managing Application Security
Application Security Tools – Tools for Scanning, Testing, Simulating, and Reporting Web Application Security Issues
AppSec Education and CBT – Web Based Learning Environment and Education Project
Online
www.cgisecurity.com
www.webappsec.org
buildsecurityin.us-cert.gov
www.cert.org
www.sans.org
www.securityfocus.com
Tools
www.owasp.org/index.php/Phoenix/Tools
Mailing Lists
OWASP Project Mailing lists
Secure Coding List
[email protected]
[email protected] (WASC)
SANS NewsBites
Blogs
Blog Selection
ha.ckers.org/blog (RSnake)
shiflett.org (Chris Shiflett)
jeremiahgrossman.blogspot.com
www.gnucitizen.org (PDP)
sylvanvonstuppe.blogspot.com
www.memestreams.net/users/Acidus (Billy Hoffman)
taosecurity.blogspot.com (Richard Bejtlich)
www.dhanjani.com (Nitesh Dhanjani)
Check Anurag Agarwal’s Reflection Series