Web application pen-test books?
Results 1 to 8 of 8

Thread: Web application pen-test books?

  1. #1
    oldie ric-o's Avatar
    Join Date
    Nov 2002
    Posts
    487

    Web application pen-test books?

    Anyone recommend a good web application penetration test books? I've been tasked with doing a bunch of pen-tests against websites lately.

    I have 2 currently:
    _Hacking Exposed Web Applications_ by Joel Scambray and Mike Shema
    _Web Hacking: Attacks and Defense_ by McClure, Shah, Shah

    Any others I should look at? Thanks in advance.

  2. #2

  3. #3
    Senior Member
    Join Date
    Jun 2004
    Posts
    379

  4. #4
    oldie ric-o's Avatar
    Join Date
    Nov 2002
    Posts
    487
    Soda:

    Yep, know that site pretty well: been frequent visitor for last 1.5 years - have all their guides. Also have several docs written by SPIDynamics too.

    Riot:

    Brown noser. ha ha. Yep, been to his site a few times.

    Thanks guys. FYI: I just ordered _HackNotes: Web Security Pocket Guide_ as well as a book published by Wiley called _Testing Web Applications_.

  5. #5
    AO Senior Cow-beller
    Moderator
    zencoder's Avatar
    Join Date
    Dec 2004
    Location
    Mountain standard tribe.
    Posts
    1,177
    ric-o hit it. SPIDynamics makes some of the better commercially available software for web app testing. Anything by them would be top of my list.
    "Data is not necessarily information. Information does not necessarily lead to knowledge. And knowledge is not always sufficient to discover truth and breed wisdom." --Spaf
    Anyone who is capable of getting themselves made president should on no account be allowed to do the job. --Douglas Adams (1952-2001)
    "...people find it far easier to forgive others for being wrong than being right." - Albus Percival Wulfric Brian Dumbledore

  6. #6
    Frustrated Mad Scientist
    Join Date
    Dec 2004
    Posts
    1,152
    Network Security Assessment

    <edit>Oops, not web application specific but might be useful.

  7. #7
    Senior Member
    Join Date
    Jun 2004
    Posts
    379
    here you can find some great book here http://ebook.irdesigner.com/

  8. #8
    Senior Member
    Join Date
    Oct 2002
    Posts
    314
    There is a good book called application security, or web app security, which has a picture of a cowboy hat on the front...can`t remember what the bloody name is at the moment.

    I think if you already have a couple of books then you can stick with those and just read the papers from SPI, NGS etc...

    Also, have a look at WebGoat http://www.owasp.org/software/webgoat.html as you can learn alot form there.
    Quis custodiet ipsos custodes

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •