Security Basics mailing list archives

Re: Question about a book


From: Brent Huston <lbhlists () gmail com>
Date: Fri, 4 Jan 2008 12:25:11 -0500

I would skip the book if you are going to do risk assessment instead of application assessments... A better guide would likely be the high-level OWASP stuff at http://www.owasp.org.

---
Brent Huston, CHS-III
Security Evangelist & CEO
http://www.microsolved.com
Assessments, Application/Device Security & HoneyPoint

On Jan 4, 2008, at 8:24 AM, Worrell, Brian wrote:



Has anyone read the book "The Web Application Hacker's Handbook
Discovering and Exploiting Security Flaws"?

If so, what do you think about it?  Soon I will have to do Risk
Assessments of our Web Applications that we are going to deploy, and
need something that would help me when it comes to the most common tests
or vulnerabilities.

Knowing that there are many options, if this book is not very good, does
anyone else know of a resource for Web App assessments?

Thank you,

Brian Worrell
Information Security Manager and Security Officer
Office of HIPAA Compliance
Indiana State Department of Health
2 North Meridian Street
Indianapolis, IN  46204
o: (317) 233-4945


