[WEB SECURITY] Manual audits

zeno at cgisecurity.net
Fri Jun 24 10:14:38 EDT 2005


> We would like to build expertise in conducting manual audits. With that, I would like to gather input as to
> recommendations of how to go about gaining the knowledge. This could be articles/papers, web-sites, best 
> practices, tools, scripts, etc. Essentially, for those who conduct such audits, how did you go about learning 
> the techniques and what means do you use to stay current?

Here are a few links (including my own site) that can get you started. 


General Application Security Documentation: 
http://www.cgisecurity.com/lib/

SQL Injection: 
http://www.cgisecurity.com/development/sql.shtml

Cross Site Scripting: 
http://www.cgisecurity.com/development/xss.shtml

Web Services:
http://www.cgisecurity.com/ws/

AJAX:
http://www.cgisecurity.com/ajax/

Web Server Security:
http://www.cgisecurity.com/webservers/

Web Application Server Security:
http://www.cgisecurity.com/appservers/

Database Security:
http://www.cgisecurity.com/database/

OWASP:
http://www.owasp.org

SQL Server Security:
http://www.sqlsecurity.com

The Web Application Security Consortium Threat Classifications:
http://www.webappsec.org/projects/threat/



Regards,

 - Robert

---------------------------------------------------------------------
The Web Security Mailing List
http://www.webappsec.org/lists/websecurity/

The Web Security Mailing List Archives
http://www.webappsec.org/lists/websecurity/archive/


