[WEB SECURITY] Manual audits

Aiken, Dan AikenD at HSS.EDU
Fri Jun 24 10:54:53 EDT 2005


I suggest the SANS course, "AUDIT 507: Auditing Networks, Perimeters and Systems". I took this course, and it was a great course. It also prepares you for the GSNA certification attempt, if that is of interest to you.

Also, my paper, Web Application Security Audit, is available on the GIAC web site: http://www.giac.org/certified_professionals/practicals/gsna/0184.php. 

Dan Aiken, GSEC, GSNA
Corporate Compliance Director
Ofc: (212) 774-2569
Fax: (212) 606-1930
aikend at hss.edu
"In theory there is no difference between theory and practice. In practice there is." Yogi Berra, quoted by Bruce Schneier in Secrets & Lies, p.8.

-----Original Message-----
From: John Muchow [mailto:jmuchow at midwave.com] 
Sent: Friday, June 24, 2005 9:59 AM
To: websecurity at webappsec.org
Subject: [WEB SECURITY] Manual audits

With the current ongoing discussion of Security Audit Software, this seems a good time to bring up a question about performing a manual audit...
We would like to build expertise in conducting manual audits. With that, I would like to gather input as to recommendations of how to go about gaining the knowledge. This could be articles/papers, websites, best practices, tools, scripts, etc. Essentially, for those who conduct such audits, how did you go about learning the techniques and what means do you use to stay current?
