Web application pen-test books?

Printable View

August 25th, 2005, 06:12 PM
ric-o

Web application pen-test books?

Anyone recommend a good web application penetration test books? I've been tasked with doing a bunch of pen-tests against websites lately.

I have 2 currently:
_Hacking Exposed Web Applications_ by Joel Scambray and Mike Shema
_Web Hacking: Attacks and Defense_ by McClure, Shah, Shah

Any others I should look at? Thanks in advance.
August 25th, 2005, 07:40 PM
Soda_Popinsky

http://www.owasp.org/documentation/guide.html
August 25th, 2005, 09:32 PM
Riot

The best tutorial on the web :duh:
August 26th, 2005, 04:05 AM
ric-o

Soda:

Yep, know that site pretty well: been frequent visitor for last 1.5 years - have all their guides. Also have several docs written by SPIDynamics too.

Riot:

Brown noser. :eek: ha ha. Yep, been to his site a few times.

Thanks guys. FYI: I just ordered _HackNotes: Web Security Pocket Guide_ as well as a book published by Wiley called _Testing Web Applications_.
August 26th, 2005, 04:35 AM
zencoder

ric-o hit it. SPIDynamics makes some of the better commercially available software for web app testing. Anything by them would be top of my list.
August 26th, 2005, 10:12 AM
Aspman

Network Security Assessment

<edit>Oops, not web application specific but might be useful.
August 26th, 2005, 03:12 PM
Riot

here you can find some great book here http://ebook.irdesigner.com/
August 26th, 2005, 08:25 PM
R0n1n

There is a good book called application security, or web app security, which has a picture of a cowboy hat on the front...can`t remember what the bloody name is at the moment.

I think if you already have a couple of books then you can stick with those and just read the papers from SPI, NGS etc...

Also, have a look at WebGoat http://www.owasp.org/software/webgoat.html as you can learn alot form there.

All times are GMT +1. The time now is 06:58 AM.