Re: Web Application Security Testing Procedures

[Saqib Ali <docbook.xml () gmail com>]

The document that you trying to write will get very lengthy and
consfusing real fast. I would suggest that you choose a specific topic
(e.g. CSRF) and then write a testing procedure document for it.

I have seen some documents that tried to be all inclusive but they got
out-of-date real soon.

Large corporation usually have their own Guides/Testing Procedures for
developing Secure Web Applications.

In Peace,
Saqib Ali
http://validate.sf.net

On Tue, 28 Dec 2004 12:05:49 -0500, Lecia McCalla <lmccalla () fsl org jm> wrote:
> Hi All,
> I am currently researching Web application security with the ultimate goal
> of preparing a Web Applications Security Testing Procedures Document.
> However, since I'm a novice in the field, I'm requesting some assistance
> from the group.
>
> Please provide suggestions and/ or guidelines as to what should be
> considered when testing security for web applications.
>
> Regards,
> Lecia McCalla
> Business Analyst - Quality Management
> Fiscal Services Limited
> Mailto:lmccalla () fsl org jm
> Tel: (876)927-1125-8 Extn 3815
> Fax: (876)927-1810


-- 
In Peace,
Saqib Ali
http://tools.tldp.org/search.php <--- Search for Linux HOWTOs