WebApp Sec mailing list archives

RE: testing web app security


From: "Mark Curphey" <mark () curphey com>
Date: Fri, 19 Mar 2004 18:09:37 -0500

The OWASP Testing Guide Part 1 is getting closer and closer to release. Part
1 is essentially the process of building a Testing program. Part 2 will be
the How to Test for specific issues.

It should be released before the end of this month in first draft for
review. I am working this weekend to try and complete a lot of it. 

-----Original Message-----
From: Michael Cunningham [mailto:crayola () optonline net] 
Sent: Friday, March 19, 2004 2:34 PM
To: webappsec () securityfocus com
Subject: testing web app security

Folks, 

I am going to have to take on the task of testing software applications my
company produces as they roll through the QA/UAT process for security
concerns (can't hire anyone and software to automate the testing seems to be
very expensive). They are mainly web based applications with a database
backend and some custom Java and C programs. I am aware of how SQL
injection, buffer overflows, cross site scripting, and other security
programming problems work, but I don't have a whole lot of experience
applying this knowledge to application testing. 

Are there any training courses or documents/books you can suggest that would
help me learn the skills I need to make this happen? Does anyone have a site
that lists tools (open source preferred) that I could use to help me test
these applications? 

Thanks for any help you can offer,
Mike


