August 25th, 2005, 06:12 PM
Web application pen-test books?
Anyone recommend any good web application penetration test books? I've been tasked with doing a bunch of pen-tests against websites lately.
I have 2 currently:
_Hacking Exposed Web Applications_ by Joel Scambray and Mike Shema
_Web Hacking: Attacks and Defense_ by McClure, Shah, Shah
Any others I should look at? Thanks in advance.
August 25th, 2005, 07:40 PM
August 25th, 2005, 09:32 PM
August 26th, 2005, 04:05 AM
Yep, know that site pretty well: been frequent visitor for last 1.5 years - have all their guides. Also have several docs written by SPIDynamics too.
Brown noser. ha ha. Yep, been to his site a few times.
Thanks guys. FYI: I just ordered _HackNotes: Web Security Pocket Guide_ as well as a book published by Wiley called _Testing Web Applications_.
August 26th, 2005, 04:35 AM
ric-o hit it. SPIDynamics makes some of the better commercially available software for web app testing. Anything by them would be top of my list.
"Data is not necessarily information. Information does not necessarily lead to knowledge. And knowledge is not always sufficient to discover truth and breed wisdom." --Spaf
Anyone who is capable of getting themselves made president should on no account be allowed to do the job. --Douglas Adams (1952-2001)
"...people find it far easier to forgive others for being wrong than being right." - Albus Percival Wulfric Brian Dumbledore
August 26th, 2005, 10:12 AM
Network Security Assessment
<edit>Oops, not web application specific but might be useful.
August 26th, 2005, 03:12 PM
You can find some great books here: http://ebook.irdesigner.com/
August 26th, 2005, 08:25 PM
There is a good book called application security, or web app security, which has a picture of a cowboy hat on the front... can't remember what the bloody name is at the moment.
I think if you already have a couple of books then you can stick with those and just read the papers from SPI, NGS etc...
Also, have a look at WebGoat http://www.owasp.org/software/webgoat.html as you can learn a lot from there.
Quis custodiet ipsos custodes