WebApp Sec mailing list archives

Re: testing web app security


From: "Felipe Moniz de Aragao" <felipe () syhunt com>
Date: Fri, 19 Mar 2004 19:44:26 -0800

Hi Michael - I would also recommend:

http://www.cgisecurity.com/ - A web site focused on web application security

and

http://www.modsecurity.org

Best Regards,
Felipe Moniz de Aragao

----- Original Message -----
From: "Michael Cunningham" <crayola () optonline net>
To: <webappsec () securityfocus com>
Sent: Friday, March 19, 2004 11:33 AM
Subject: testing web app security


Folks,

I am going to have to take on the task of testing software
applications my company produces as they roll through the
QA/UAT process for security concerns (can't hire anyone and software
to automate the testing seems to be very expensive). They are
mainly web-based applications with a database backend
and some custom Java and C programs. I am aware of how SQL
injection, buffer overflows, cross-site scripting, and other
security programming problems work, but I don't have a whole lot
of experience applying this knowledge to application testing.

Are there any training courses or documents/books you can
suggest that would help me learn the skills I need to
make this happen? Does anyone have a site that lists tools
(open source preferred) that I could use to help me test these
applications?

Thanks for any help you can offer,
Mike


