I recently completed an overview of web security testing for my team. Below are the links I used as resources. I consider the OWASP Testing Guide to be the most useful.

Payment Card Industry Security Standards
PCI Security Standards Council - https://www.pcisecuritystandards.org/
PCI Data Security Standard - https://www.pcisecuritystandards.org/pdfs/pci_dss_v1-1.pdf

Open Web Application Security Project (OWASP)
OWASP Main Site - http://www.owasp.org
OWASP Top 10 (2007) Web Application Vulnerabilities - http://www.owasp.org/index.php/Top_10_2007
OWASP Testing Guide (v2) - http://www.owasp.org/index.php/OWASP_Testing_Guide_v2_Table_of_Contents

SANS Institute (SANS stands for SysAdmin, Audit, Network, Security)
SANS Main Site - http://www.sans.org
SANS Top-20 Internet Security Attack Targets - http://www.sans.org

United States Computer Emergency Readiness Team (US-CERT)
US-CERT Main Site - http://www.us-cert.gov/
US-CERT Security Alerts (Technical) - http://www.us-cert.gov/cas/techalerts/
US-CERT Security Bulletins - http://www.us-cert.gov/cas/bulletins/

Vendor Sites and Resources
SPI Dynamics - http://www.spidynamics.com/
White Papers - http://www.spidynamics.com/spilabs/education/whitepapers.html

Fortify Software - http://www.fortifysoftware.com/
Fortify Taxonomy: Software Security Errors - http://www.fortifysoftware.com/vulncat/