Web Security Testing Links
I recently completed an overview of web security testing for my team. Below are the links I used as resources. I consider the OWASP Testing Guide to be the most useful.

Payment Card Industry Security Standards
PCI Security Standards Council – https://www.pcisecuritystandards.org/
PCI Data Security Standard – https://www.pcisecuritystandards.org/pdfs/pci_dss_v1-1.pdf

Open Web Application Security Project (OWASP)
OWASP Main Site – http://www.owasp.org
OWASP Top 10 (2007) Web Application Vulnerabilities – http://www.owasp.org/index.php/Top_10_2007
OWASP Testing Guide (v2) – http://www.owasp.org/index.php/OWASP_Testing_Guide_v2_Table_of_Contents

SANS Institute (SANS stands for SysAdmin, Audit, Network, Security)
SANS Main Site – http://www.sans.org
SANS Top-20 Internet Security Attack Targets – http://www.sans.org

United States Computer Emergency Readiness Team (US-CERT)
US-CERT Main Site – http://www.us-cert.gov/
US-CERT Security Alerts (Technical) – http://www.us-cert.gov/cas/techalerts/
US-CERT Security Bulletins – http://www.us-cert.gov/cas/bulletins/

Vendor Sites and Resources
SPI Dynamics – http://www.spidynamics.com/
White Papers – http://www.spidynamics.com/spilabs/education/whitepapers.html
Fortify Software – http://www.fortifysoftware.com/
Fortify Taxonomy: Software Security Errors – http://www.fortifysoftware.com/vulncat/