[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [WEB SECURITY] Security testing
- From: "Arshan Dabirsiaghi" <arshan.dabirsiaghi@xxxxxxxxxxxxxxxxxx>
- Subject: RE: [WEB SECURITY] Security testing
- Date: Thu, 24 Jul 2008 14:14:22 -0400
------_=_NextPart_001_01C8EDB9.194C3DBE
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
>From start to finish, whether you're from India or Indiana:
=20
http://www.owasp.org/index.php/OWASP_Testing_Guide_v2_Table_of_Contents
=20
Cheers,
Arshan
=20
=20
From: Matthew Chalmers [mailto:matthew.chalmers@owasp.org]=20
Sent: Thursday, July 24, 2008 1:33 PM
To: Syed Kabeer Ahmed
Cc: websecurity@webappsec.org
Subject: Re: [WEB SECURITY] Security testing
=20
Surprisingly, WASC doesn't seem to have an article, whitepaper or
project on its web site directly addressing your question, however, the
threat classification is a good place to start
(http://www.webappsec.org/projects/threat/) and they also have a page
listing several good books on the subject
(http://www.webappsec.org/web_security_books.shtml). For a "quick and
dirty" job have a look at Jeremiah's article on the 80/20 rule
(http://webappsec.org/projects/articles/013105.shtml).
=20
Additionally, it's rather short but you might have a look at section C-6
of the OSSTMM: http://www.isecom.info/mirror/osstmm.en.2.2.pdf
=20
Matt
On Wed, Jun 25, 2008 at 4:56 AM, Syed Kabeer Ahmed <sahmed@gs3india.com>
wrote:
Hello,
I am from India, Kindly suggest what are the basic steps and
methodology to be followed in testing security of web applicaitons.=20
=20
Thank you.
=20
=20
Regards,=20
=20
Syed Kabeer Ahmed K=20
Software Test Engineer.=20
GS3 Services India Pvt. Ltd.=20
# 10 Dr. TV Road,
Off Spurtank Road , Chetpet,
Chennai, TN , India - 600 031=20
=20
=20
=20
=20
------_=_NextPart_001_01C8EDB9.194C3DBE
Content-Type: text/html;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
<html xmlns:v=3D"urn:schemas-microsoft-com:vml" =
xmlns:o=3D"urn:schemas-microsoft-com:office:office" =
xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
xmlns:m=3D"http://schemas.microsoft.com/office/2004/12/omml"; =
xmlns=3D"http://www.w3.org/TR/REC-html40";>
<head>
<meta http-equiv=3DContent-Type content=3D"text/html; =
charset=3Dus-ascii">
<meta name=3DGenerator content=3D"Microsoft Word 12 (filtered medium)">
<style>
<!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
@font-face
{font-family:Verdana;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
pre
{mso-style-priority:99;
mso-style-link:"HTML Preformatted Char";
margin:0in;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";}
span.HTMLPreformattedChar
{mso-style-name:"HTML Preformatted Char";
mso-style-priority:99;
mso-style-link:"HTML Preformatted";
font-family:Consolas;}
span.EmailStyle20
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;}
@page Section1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.Section1
{page:Section1;}
-->
</style>
<!--[if gte mso 9]><xml>
<o:shapedefaults v:ext=3D"edit" spidmax=3D"1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext=3D"edit">
<o:idmap v:ext=3D"edit" data=3D"1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang=3DEN-US link=3Dblue vlink=3Dpurple>
<div class=3DSection1>
<p class=3DMsoNormal><span =
style=3D'font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>From start to finish, whether you’re from India or
Indiana:<o:p></o:p></span></p>
<p class=3DMsoNormal><span =
style=3D'font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=3DMsoNormal><span =
style=3D'font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><a
href=3D"http://www.owasp.org/index.php/OWASP_Testing_Guide_v2_Table_of_Co=
ntents">http://www.owasp.org/index.php/OWASP_Testing_Guide_v2_Table_of_Co=
ntents</a><o:p></o:p></span></p>
<p class=3DMsoNormal><span =
style=3D'font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=3DMsoNormal><span =
style=3D'font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>Cheers,<o:p></o:p></span></p>
<p class=3DMsoNormal><span =
style=3D'font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>Arshan<o:p></o:p></span></p>
<p class=3DMsoNormal><span =
style=3D'font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=3DMsoNormal><span =
style=3D'font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<div style=3D'border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt =
0in 0in 0in'>
<p class=3DMsoNormal><b><span =
style=3D'font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span>=
</b><span
style=3D'font-size:10.0pt;font-family:"Tahoma","sans-serif"'> Matthew =
Chalmers
[mailto:matthew.chalmers@owasp.org] <br>
<b>Sent:</b> Thursday, July 24, 2008 1:33 PM<br>
<b>To:</b> Syed Kabeer Ahmed<br>
<b>Cc:</b> websecurity@webappsec.org<br>
<b>Subject:</b> Re: [WEB SECURITY] Security =
testing<o:p></o:p></span></p>
</div>
<p class=3DMsoNormal><o:p> </o:p></p>
<div>
<div>
<p class=3DMsoNormal>Surprisingly, WASC doesn't seem to have an article,
whitepaper or project on its web site directly addressing your question,
however, the threat classification is a good place to start (<a
href=3D"http://www.webappsec.org/projects/threat/";>http://www.webappsec.o=
rg/projects/threat/</a>)
and they also have a page listing several good books on the =
subject (<a
href=3D"http://www.webappsec.org/web_security_books.shtml";>http://www.web=
appsec.org/web_security_books.shtml</a>).
For a "quick and dirty" job have a look at Jeremiah's =
article on
the 80/20 rule (<a =
href=3D"http://webappsec.org/projects/articles/013105.shtml";>http://webap=
psec.org/projects/articles/013105.shtml</a>).<o:p></o:p></p>
</div>
<div>
<p class=3DMsoNormal> <o:p></o:p></p>
</div>
<div>
<p class=3DMsoNormal>Additionally, it's rather short but you might have =
a look at
section C-6 of the OSSTMM: <a
href=3D"http://www.isecom.info/mirror/osstmm.en.2.2.pdf";>http://www.iseco=
m.info/mirror/osstmm.en.2.2.pdf</a><o:p></o:p></p>
</div>
<div>
<p class=3DMsoNormal> <o:p></o:p></p>
</div>
<div>
<p class=3DMsoNormal style=3D'margin-bottom:12.0pt'>Matt<o:p></o:p></p>
</div>
<div>
<p class=3DMsoNormal>On Wed, Jun 25, 2008 at 4:56 AM, Syed Kabeer Ahmed =
<<a
href=3D"mailto:sahmed@gs3india.com";>sahmed@gs3india.com</a>> =
wrote:<o:p></o:p></p>
<div>
<div>
<div>
<p class=3DMsoNormal><span =
style=3D'font-size:10.0pt;font-family:"Verdana","sans-serif";
color:blue'>Hello,</span><o:p></o:p></p>
</div>
<div>
<p class=3DMsoNormal><span =
style=3D'font-size:10.0pt;font-family:"Verdana","sans-serif";
color:blue'> I am from India, Kindly suggest what are the basic =
steps and
methodology to be followed in testing security of web applicaitons. =
</span><o:p></o:p></p>
</div>
<div>
<p class=3DMsoNormal> <o:p></o:p></p>
</div>
<div>
<p class=3DMsoNormal><span =
style=3D'font-size:10.0pt;font-family:"Verdana","sans-serif";
color:blue'>Thank you.</span><o:p></o:p></p>
</div>
<div>
<p class=3DMsoNormal> <o:p></o:p></p>
</div>
</div>
<div>
<div>
<p class=3DMsoNormal> <o:p></o:p></p>
</div>
<div>
<p class=3DMsoNormal><span =
style=3D'font-size:10.0pt;font-family:"Verdana","sans-serif";
color:blue'>Regards, </span><o:p></o:p></p>
</div>
<div>
<p class=3DMsoNormal> <o:p></o:p></p>
</div>
<div>
<p class=3DMsoNormal><span =
style=3D'font-size:10.0pt;font-family:"Verdana","sans-serif";
color:blue'>Syed Kabeer Ahmed K </span><span =
style=3D'color:#888888'><o:p></o:p></span></p>
</div>
<div>
<p class=3DMsoNormal><span =
style=3D'font-size:10.0pt;font-family:"Verdana","sans-serif";
color:blue'>Software Test Engineer. </span><span =
style=3D'color:#888888'><o:p></o:p></span></p>
</div>
<div>
<div>
<p class=3DMsoNormal><span =
style=3D'font-size:10.0pt;font-family:"Verdana","sans-serif";
color:blue'>GS3 Services India Pvt. Ltd. </span><span =
style=3D'color:#888888'><o:p></o:p></span></p>
</div>
<div>
<p class=3DMsoNormal><span =
style=3D'font-size:10.0pt;font-family:"Verdana","sans-serif";
color:blue'># 10 Dr. TV Road,</span><span =
style=3D'color:#888888'><o:p></o:p></span></p>
</div>
<div>
<p class=3DMsoNormal><span =
style=3D'font-size:10.0pt;font-family:"Verdana","sans-serif";
color:blue'>Off Spurtank Road , Chetpet,</span><span =
style=3D'color:#888888'><o:p></o:p></span></p>
</div>
<div>
<p class=3DMsoNormal><span =
style=3D'font-size:10.0pt;font-family:"Verdana","sans-serif";
color:blue'>Chennai, TN , India - 600 031 </span><span =
style=3D'color:#888888'><o:p></o:p></span></p>
</div>
</div>
<div>
<p class=3DMsoNormal><span =
style=3D'color:#888888'> <o:p></o:p></span></p>
</div>
<div>
<p class=3DMsoNormal><span =
style=3D'color:#888888'> <o:p></o:p></span></p>
</div>
<div>
<p class=3DMsoNormal><span =
style=3D'color:#888888'> <o:p></o:p></span></p>
</div>
</div>
</div>
</div>
<p class=3DMsoNormal><o:p> </o:p></p>
</div>
</div>
</body>
<!--[object_id=3D#aspectsecurity.com#]--></html>
------_=_NextPart_001_01C8EDB9.194C3DBE--
Brought to you by http://www.webappsec.org
Search this site
|