Good WebAppSec Resources
Module (to be combined)
OWASP Education Project

Copyright 2007 © The OWASP Foundation
Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License.
The OWASP Foundation
http://www.owasp.org

Just the start!
- Moving Target
- Changing Ecosystem

Hard Copy
- IEEE Security & Privacy (bimonthly magazine)
- Security Engineering – Anderson (free download)
- Building Secure Software – Viega & McGraw
- Secure Coding – Graff & van Wyk
- Exploiting Software: How to Break Code – Hoglund & McGraw
- 19 Deadly Sins of Software Security – Howard, LeBlanc & Viega
- Hacking Exposed Web Applications (2nd Ed) – Joel Scambray, Mike Shema, Caleb Sima
- Writing Secure Code (2nd Ed) – Howard & LeBlanc
- Enterprise Java Security – Pistoia, et al
- Secure Programming with Static Analysis – Brian Chess, Jacob West
- The Art of Software Security Assessment – Mark Dowd, John McDonald, Justin Schuh
- The Security Development Lifecycle – Michael Howard
- Threat Modeling – Frank Swiderski, Window Snyder
- Securing Web Services with WS-Security – Rosenberg & Remy
- Core Security Patterns – Steel, Nagappan & Ray Lai
- Security Metrics – Andrew Jaquith
- Software Security: Building Security In – Gary McGraw

OWASP Projects Are Alive!
[Timeline figure: 2009 … 2007 2005 2003 2001]

Web Sites
www.owasp.org

OWASP Knowledge and Tools
- Guide to Application Security Testing and Guide to Application Security Code Review
- Guide to Building Secure Web Applications and Web Services
- Research Projects on Securing New Technologies (like Web Services & Ajax)
- Verifying Application Security
- Acquiring and Building Secure Applications
- Managing Application Security
- Core Application Security Knowledge Base
- Research to Secure New Technologies
- Application Security Tools
- Guidance and Tools for Measuring and Managing Application Security
- Tools for Scanning, Testing, Simulating, and Reporting Web Application Security Issues
- AppSec Education and CBT
- Web Based Learning Environment and Education Project

Online
- www.cgisecurity.com
- www.webappsec.org
- buildsecurityin.us-cert.gov
- www.cert.org
- www.sans.org
- www.securityfocus.com

Tools
- www.owasp.org/index.php/Phoenix/Tools

Mailing Lists
- OWASP Project Mailing lists
- Secure Coding List [email protected]
- [email protected] (WASC)
- SANS NewsBites

Blogs

Blog Selection
- ha.ckers.org/blog (RSnake)
- shiflett.org (Chris Shiflett)
- jeremiahgrossman.blogspot.com
- www.gnucitizen.org (PDP)
- sylvanvonstuppe.blogspot.com
- www.memestreams.net/users/Acidus (Billy Hoffman)
- taosecurity.blogspot.com (Richard Bejtlich)
- www.dhanjani.com (Nitesh Dhanjani)
- Check Anurag Agarwal’s Reflection Series