Appendix
Testing - http://www.nist.gov/director/planning/upload/report02-3.pdf
• Improving Web Application Security: Threats and Countermeasures - http://msdn.microsoft.com/en-us/library/ff649874.aspx
• NIST Publications - http://csrc.nist.gov/publications/PubsSPs.html
• The Open Web Application Security Project (OWASP) Guide Project - https://www.owasp.org/index.php/Category:OWASP_Guide_Project
• Security Considerations in the System Development Life Cycle (NIST) - http://www.nist.gov/customcf/get_pdf.cfm?pub_id=890097
• The Security of Applications: Not All Are Created Equal - http://www.securitymanagement.com/archive/library/atstake_tech0502.pdf
• Software Assurance: An Overview of Current Practices - http://www.safecode.org/publications/SAFECode_BestPractices0208.pdf
• Software Security Testing: Software Assurance Pocket Guide Series: Development, Volume III - https://buildsecurityin.us-cert.gov/swa/downloads/SoftwareSecurityTesting_PocketGuide_1%200_05182012_PostOnline.pdf
• Use Cases: Just the FAQs and Answers - http://www.ibm.com/developerworks/rational/library/content/RationalEdge/jan03/UseCaseFAQS_TheRationalEdge_Jan2003.pdf
Books
• The Art of Software Security Testing: Identifying Software Security Flaws, by Chris Wysopal, Lucas Nelson, Dino Dai Zovi, Elfriede Dustin, published by Addison-Wesley, ISBN 0321304861 (2006)
• Building Secure Software: How to Avoid Security Problems the Right Way, by Gary McGraw and John Viega, published by Addison-Wesley Pub Co, ISBN 020172152X (2002) - http://www.buildingsecuresoftware.com
• The Ethical Hack: A Framework for Business Value Penetration Testing, by James S. Tiller, Auerbach Publications, ISBN 084931609X (2005)
  + Online version available at: http://books.google.com/books?id=fwASXKXOolEC&printsec=frontcover&source=gbs_ge_summary_r&cad=0#v=onepage&q&f=false
• Exploiting Software: How to Break Code, by Gary McGraw and Greg Hoglund, published by Addison-Wesley Pub Co, ISBN 0201786958 (2004) - http://www.exploitingsoftware.com
• The Hacker’s Handbook: The Strategy behind Breaking into and Defending Networks, by Susan Young, Dave Aitel, Auerbach Publications, ISBN 0849308887 (2005)
  + Online version available at: http://books.google.com/books?id=AO2fsAPVC34C&printsec=frontcover&source=gbs_ge_summary_r&cad=0#v=onepage&q&f=false
• Hacking Exposed: Web Applications 3, by Joel Scambray, Vincent Liu, Caleb Sima, published by McGraw-Hill Osborne Media, ISBN 0071740643 (2010) - http://www.webhackingexposed.com/
• The Web Application Hacker’s Handbook: Finding and Exploiting Security Flaws, 2nd Edition, by Dafydd Stuttard, Marcus Pinto, published by Wiley, ISBN 9781118026472 (2011)
• How to Break Software Security, by James Whittaker, Herbert H. Thompson, published by Addison Wesley, ISBN 0321194330 (2003)
• How to Break Web Software: Functional and Security Testing of Web Applications and Web Services, by Mike Andrews, James A. Whittaker, published by Pearson Education Inc., ISBN 0321369440 (2006)
• Innocent Code: A Security Wake-Up Call for Web Programmers, by Sverre Huseby, published by John Wiley & Sons, ISBN 0470857447 (2004) - http://innocentcode.thathost.com
  + Online version available at: http://books.google.com/books?id=RjVjgPQsKogC&printsec=frontcover&source=gbs_ge_summary_r&cad=0#v=onepage&q&f=false
• Mastering the Requirements Process, by Suzanne Robertson and James Robertson, published by Addison-Wesley Professional, ISBN 0201360462
  + Online version available at: http://books.google.com/books?id=SN4WegDHVCcC&printsec=frontcover&source=gbs_ge_summary_r&cad=0#v=onepage&q&f=false
• Secure Coding: Principles and Practices, by Mark Graff and Kenneth R. Van Wyk, published by O’Reilly, ISBN 0596002424 (2003) - http://www.securecoding.org
• Secure Programming for Linux and Unix HOWTO, by David Wheeler (2004) - http://www.dwheeler.com/secure-programs
  + Online version: http://www.dwheeler.com/secure-programs/Secure-Programs-HOWTO/index.html
• Securing Java, by Gary McGraw, Edward W. Felten, published by Wiley, ISBN 047131952X (1999) - http://www.securingjava.com
• Software Security: Building Security In, by Gary McGraw, published by Addison-Wesley Professional, ISBN 0321356705 (2006)
• Software Testing In The Real World (ACM Press Books), by Edward Kit, published by Addison-Wesley Professional, ISBN 0201877562 (1995)
• Software Testing Techniques, 2nd Edition, by Boris Beizer, International Thomson Computer Press, ISBN 0442206720 (1990)
• The Tangled Web: A Guide to Securing Modern Web Applications, by Michal Zalewski, published by No Starch Press Inc., ISBN 1593273886 (2011)
• The Unified Modeling Language User Guide, 2nd Edition, by Grady Booch, James Rumbaugh, Ivar Jacobson, published by Addison-Wesley Professional, ISBN 0321267974 (2005)
• The Unified Modeling Language User Guide, by Grady Booch, James Rumbaugh, Ivar Jacobson, published by Addison-Wesley Professional, ISBN 0201571684 (1998)
• Web Security Testing Cookbook: Systematic Techniques to Find Problems Fast, by Paco Hope, Ben Walther, published by O’Reilly, ISBN 0596514832 (2008)
• Writing Secure Code, by Michael Howard and David LeBlanc, published by Microsoft Press, ISBN 0735617228 (2004) - http://www.microsoft.com/learning/en/us/book.aspx?ID=5957&locale=en-us
Useful Websites
• Build Security In - https://buildsecurityin.us-cert.gov/bsi/home.html
• Build Security In – Security-Specific Bibliography - https://buildsecurityin.us-cert.gov/bsi/articles/best-practices/measurement/1070-BSI.html
• CERT Secure Coding - http://www.cert.org/secure-coding/
• CERT Secure Coding Standards - https://www.securecoding.cert.org/confluence/display/seccode/CERT+Secure+Coding+Standards
• Exploit and Vulnerability Databases - https://buildsecurityin.us-cert.gov/swa/database.html
• Google Code University – Web Security - http://code.google.com/edu/security/index.html
• McAfee Foundstone Publications - http://www.mcafee.com/apps/view-all/publications.aspx?tf=foundstone&sz=10
• McAfee – Resources Library - http://www.mcafee.com/apps/resource-library-search.aspx?region=us
• McAfee Free Tools - http://www.mcafee.com/us/downloads/freetools/index.aspx
• OASIS Web Application Security (WAS) TC - http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=was
• Open Source Software Testing Tools - http://www.opensourcetesting.org/security.php