RE: [WEB SECURITY] Security testing
- From: "Tom Brennan" <tomb@xxxxxxxxxxxxxxxxx>
- Subject: RE: [WEB SECURITY] Security testing
- Date: Thu, 24 Jul 2008 15:31:18 -0400
Also check out http://www.owasp.org/index.php/OWASP_Testing_Project, which has
how-tos and checklists.
_____
From: Matthew Chalmers [mailto:matthew.chalmers@owasp.org]
Sent: Thursday, July 24, 2008 1:33 PM
To: Syed Kabeer Ahmed
Cc: websecurity@webappsec.org
Subject: Re: [WEB SECURITY] Security testing
Surprisingly, WASC doesn't seem to have an article, whitepaper or project on
its web site directly addressing your question; however, the threat
classification is a good place to start
(http://www.webappsec.org/projects/threat/), and they also have a page
listing several good books on the subject
(http://www.webappsec.org/web_security_books.shtml). For a "quick and dirty"
job, have a look at Jeremiah's article on the 80/20 rule
(http://webappsec.org/projects/articles/013105.shtml).
Additionally, it's rather short, but you might have a look at section C-6 of
the OSSTMM: http://www.isecom.info/mirror/osstmm.en.2.2.pdf
Matt
On Wed, Jun 25, 2008 at 4:56 AM, Syed Kabeer Ahmed <sahmed@gs3india.com> wrote:
Hello,
I am from India. Kindly suggest the basic steps and methodology to be
followed in testing the security of web applications.
Thank you.
Regards,
Syed Kabeer Ahmed K
Software Test Engineer.
GS3 Services India Pvt. Ltd.
# 10 Dr. TV Road,
Off Spurtank Road , Chetpet,
Chennai, TN , India - 600 031
Brought to you by http://www.webappsec.org