[Owasp-boston] My list of webappsec info sources

Weiler, Jim Jim.Weiler at Staples.com
Wed Feb 16 20:25:46 EST 2005

Here's my list of information sources I forgot to hand out at the first

Web Application Security
Information Sources

Mailing Lists

1.	http://www.securityfocus.com/archive  web application security, others - these folks run BugTraq

http://www.insecure.org/  vuln dev, pen test,

http://www.webmasterworld.com/  good for learning, asking about web log data, traffic behavior

Web Sites
1.	http://www.securityfocus.com/
2.	http://project.honeynet.org/  read the challenges that apply to you, white papers
3.	www.antiphishing.org
4.	http://www.cert.org/nav/index.html 
5.	http://www.windowsecurity.com/  well organized
6.	http://www.microsoft.com/technet/security/default.mspx
7.	http://www.sans.org/aboutsans.php reading room has papers
8.	http://searchsecurity.techtarget.com/
9.	http://www.eweek.com/category2/0,4148,1237860,00.asp  Ziff-Davis security site
10.	www.owasp.org
11.	http://www.technicalinfo.net/index.html - Gunter Ollmann
12.	www.enterpriseitplanet.com/security
13.	msdn.microsoft.com/security
14.	http://www.coresecuritypatterns.com - good poster


1.	http://www.gocsi.com/links/webcasts.jhtml
2.	http://www.sans.org/webcasts/
3.	http://searchsecurity.techtarget.com/webcasts/0,295024,sid14,00.html


Tools - online
1.	http://www.neoparadigms.com/techtip-html-encoding.html 
2.	http://www.albionresearch.com/misc/urlencode.php

Tools - Download

1.	http://www.parosproxy.org/index.shtml Paros web proxy server
OWASP Web Scarab proxy server

1. http://blog.ziffdavis.com/seltzer Larry Seltzer

Jim Weiler
Staples North American Application Services
Application Architect
508 2533884

