[Owasp-boston] My list of webappsec info sources
Weiler, Jim
Jim.Weiler at Staples.com
Wed Feb 16 20:25:46 EST 2005
Here's my list of information sources I forgot to hand out at the first
meeting.
Web Application Security
Information Sources
Mailing Lists
1. http://www.securityfocus.com/archive web application security,
others - these folks run BugTraq
Forums
http://www.insecure.org/ vuln dev, pen test,
http://www.webmasterworld.com/ good for learning, asking about web log
data, traffic behavior
Web Sites
1. http://www.securityfocus.com/
2. http://project.honeynet.org/ read the challenges that apply to you,
white papers
3. www.antiphishing.org
4. http://www.cert.org/nav/index.html
5. http://www.windowsecurity.com/ well organized
6. http://www.microsoft.com/technet/security/default.mspx
7. http://www.sans.org/aboutsans.php reading room has papers
8. http://searchsecurity.techtarget.com/
9. http://www.eweek.com/category2/0,4148,1237860,00.asp Ziff-Davis
security site
10. www.owasp.org
11. http://www.technicalinfo.net/index.html - Gunter Ollmann
12. www.enterpriseitplanet.com/security
13. msdn.microsoft.com/security
14. http://www.coresecuritypatterns.com - good poster
WebCasts
1. http://www.gocsi.com/links/webcasts.jhtml
2. http://www.sans.org/webcasts/
3. http://searchsecurity.techtarget.com/webcasts/0,295024,sid14,00.html
4.
Tools - online
1. http://www.neoparadigms.com/techtip-html-encoding.html
2. http://www.albionresearch.com/misc/urlencode.php
Tools - Download
1. http://www.parosproxy.org/index.shtml Paros web proxy server
2.
http://sourceforge.net/project/showfiles.php?group_id=64424&package_id=61823
OWASP Web Scarab proxy server
Blogs
1. http://blog.ziffdavis.com/seltzer Larry Seltzer
Jim Weiler
Staples North American Application Services
Application Architect
508 2533884
More information about the Owasp-boston
mailing list