[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [WEB SECURITY] Security testing

From: "Matthew Chalmers" <matthew.chalmers@xxxxxxxxx>
Subject: Re: [WEB SECURITY] Security testing
Date: Thu, 24 Jul 2008 12:32:50 -0500

------=_Part_2163_22198215.1216920770477
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

Surprisingly, WASC doesn't seem to have an article, whitepaper or project on
its web site directly addressing your question, however, the threat
classification is a good place to start (
http://www.webappsec.org/projects/threat/) and they also have a page listing
several good books on the subject (
http://www.webappsec.org/web_security_books.shtml). For a "quick and dirty"
job have a look at Jeremiah's article on the 80/20 rule (
http://webappsec.org/projects/articles/013105.shtml).

Additionally, it's rather short but you might have a look at section C-6 of
the OSSTMM: http://www.isecom.info/mirror/osstmm.en.2.2.pdf

Matt

On Wed, Jun 25, 2008 at 4:56 AM, Syed Kabeer Ahmed <sahmed@gs3india.com>
wrote:

>  Hello,
>  I am from India, Kindly suggest what are the basic steps and methodology
> to be followed in testing security of web applicaitons.
>
> Thank you.
>
>
> Regards,
>
> Syed Kabeer Ahmed K
> Software Test Engineer.
>  GS3 Services India Pvt. Ltd.
> # 10 Dr. TV Road,
> Off Spurtank Road , Chetpet,
> Chennai, TN , India - 600 031
>
>
> **
>
>

------=_Part_2163_22198215.1216920770477
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

<div dir="ltr"><div>Surprisingly, WASC doesn&#39;t seem to have an article, whitepaper or project on its web site directly addressing your question, however, the threat classification is a good place to start (<a href="http://www.webappsec.org/projects/threat/";>http://www.webappsec.org/projects/threat/</a>) and&nbsp;they&nbsp;also have a page listing several good books on the subject (<a href="http://www.webappsec.org/web_security_books.shtml";>http://www.webappsec.org/web_security_books.shtml</a>). For&nbsp;a &quot;quick and dirty&quot; job have a look at Jeremiah&#39;s article on the 80/20 rule (<a href="http://webappsec.org/projects/articles/013105.shtml";>http://webappsec.org/projects/articles/013105.shtml</a>).</div>

<div>&nbsp;</div>
<div>Additionally, it&#39;s rather short but you might have a look at section C-6 of the OSSTMM: <a href="http://www.isecom.info/mirror/osstmm.en.2.2.pdf";>http://www.isecom.info/mirror/osstmm.en.2.2.pdf</a></div>
<div>&nbsp;</div>
<div>Matt<br><br></div>
<div class="gmail_quote">On Wed, Jun 25, 2008 at 4:56 AM, Syed Kabeer Ahmed &lt;<a href="mailto:sahmed@gs3india.com";>sahmed@gs3india.com</a>&gt; wrote:<br>
<blockquote class="gmail_quote" style="PADDING-LEFT: 1ex; MARGIN: 0px 0px 0px 0.8ex; BORDER-LEFT: #ccc 1px solid">
<div>
<div dir="ltr">
<div dir="ltr"><font face="Verdana" color="#0000ff" size="2">Hello,</font></div>
<div dir="ltr"><font face="Verdana" color="#0000ff" size="2">&nbsp;I am from India, Kindly suggest what are the basic steps and methodology to be followed in testing security of web applicaitons. </font></div>
<div dir="ltr"><font face="Verdana" color="#0000ff" size="2"></font>&nbsp;</div>
<div dir="ltr"><font face="Verdana" color="#0000ff" size="2">Thank you.</font></div>
<div dir="ltr"><font face="Verdana" color="#0000ff" size="2"></font>&nbsp;</div></div>
<div dir="ltr">
<div><font color="#0000ff"></font>&nbsp;</div>
<div><font face="Verdana" color="#0000ff" size="2">Regards, </font></div>
<div><font face="Verdana" color="#0000ff" size="2"></font>&nbsp;</div><font color="#888888">
<div><font face="Verdana" color="#0000ff" size="2">Syed Kabeer Ahmed K </font></div>
<div><font face="Verdana" color="#0000ff" size="2">Software Test Engineer. </font></div>
<div>
<div><font face="Verdana" color="#0000ff" size="2">GS3 Services India Pvt. Ltd. </font></div>
<div><font face="Verdana" color="#0000ff" size="2">#&nbsp;10 Dr. TV Road,</font></div>
<div><font face="Verdana" color="#0000ff" size="2">Off Spurtank Road&nbsp;, Chetpet,</font></div>
<div><font face="Verdana" color="#0000ff" size="2">Chennai, TN , India&nbsp;- 600 031 </font></div></div>
<div><font face="Verdana" color="#0000ff" size="2"></font>&nbsp;</div>
<div><font face="Verdana" color="#0000ff" size="2"></font>&nbsp;</div>
<div><font face="Verdana" color="#0000ff" size="2"><em></em></font>&nbsp;</div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div><pre></pre></div></div></div></div></div></div></div></div></div></div></font></div></div></blockquote></div><br></div>

------=_Part_2163_22198215.1216920770477--

Follow-Ups:
- RE: [WEB SECURITY] Security testing
  - From: Arshan Dabirsiaghi
- RE: [WEB SECURITY] Security testing
  - From: Tom Brennan

Prev by Date: Re: [WEB SECURITY] XSS/injection/... evading technique
Next by Date: Re: [WEB SECURITY] Flash Movies Describing Security Bugs
Previous by thread: [WEB SECURITY] Administrative: Mail Server Issues
Next by thread: RE: [WEB SECURITY] Security testing
Index(es):
- Date
- Thread

Brought to you by http://www.webappsec.org
Search this site