Web application pen-test books?

**ric-o** · August 25th, 2005, 06:12 PM

Anyone recommend a good web application penetration test books? I've been tasked with doing a bunch of pen-tests against websites lately.

I have 2 currently:
_Hacking Exposed Web Applications_ by Joel Scambray and Mike Shema
_Web Hacking: Attacks and Defense_ by McClure, Shah, Shah

Any others I should look at? Thanks in advance.

***Soda_Popinsky*** · August 25th, 2005, 07:40 PM

http://www.owasp.org/documentation/guide.html

**Riot** · August 25th, 2005, 09:32 PM

The best tutorial on the web

**ric-o** · August 26th, 2005, 04:05 AM

Soda:

Yep, know that site pretty well: been frequent visitor for last 1.5 years - have all their guides. Also have several docs written by SPIDynamics too.

Riot:

Brown noser.

ha ha. Yep, been to his site a few times.

Thanks guys. FYI: I just ordered _HackNotes: Web Security Pocket Guide_ as well as a book published by Wiley called _Testing Web Applications_.

***zencoder*** · August 26th, 2005, 04:35 AM

ric-o hit it. SPIDynamics makes some of the better commercially available software for web app testing. Anything by them would be top of my list.

***Aspman*** · August 26th, 2005, 10:12 AM

Network Security Assessment

<edit>Oops, not web application specific but might be useful.

**Riot** · August 26th, 2005, 03:12 PM

here you can find some great book here http://ebook.irdesigner.com/

**R0n1n** · August 26th, 2005, 08:25 PM

There is a good book called application security, or web app security, which has a picture of a cowboy hat on the front...can`t remember what the bloody name is at the moment.

I think if you already have a couple of books then you can stick with those and just read the papers from SPI, NGS etc...

Also, have a look at WebGoat http://www.owasp.org/software/webgoat.html as you can learn alot form there.

Thread: Web application pen-test books?

Thread Tools

Display

Web application pen-test books?

Posting Permissions