Security Basics mailing list archives

Re: Question about a book


From: "Sheldon Malm" <smalm () ncircle com>
Date: Fri, 4 Jan 2008 14:19:31 -0800

SANS has excellent courseware and I would recommend "How to break web software".

--------------------------
Sheldon Malm
Director 
Security Research and Development
nCircle VERT

Sent from my BlackBerry Wireless Handheld


----- Original Message -----
From: listbounce () securityfocus com <listbounce () securityfocus com>
To: Worrell, Brian <BWorrell () isdh IN gov>
Cc: security-basics () securityfocus com <security-basics () securityfocus com>
Sent: Fri Jan 04 09:25:11 2008
Subject: Re: Question about a book

I would skip the book if you are going to do risk assessment instead  
of application assessments... A better guide would likely be the high  
level OWASP stuff at http://www.owasp.org.

---
Brent Huston, CHS-III
Security Evangelist & CEO
http://www.microsolved.com
Assessments, Application/Device Security & HoneyPoint

On Jan 4, 2008, at 8:24 AM, Worrell, Brian wrote:



Has anyone read the book "The Web Application Hacker's Handbook
Discovering and Exploiting Security Flaws"?

If so, what do you think about it?  Soon I will have to do Risk
Assessments of our Web Applications that we are going to deploy, and
need something that would help me when it comes to the most common tests
or vulnerabilities.

Knowing that there are many options, if this book is not very good, does
anyone else know of a resource for Web App assessments?

Thank you,

Brian Worrell
Information Security Manager and Security Officer
Office of HIPAA Compliance
Indiana State Department of Health
2 North Meridian Street
Indianapolis, IN  46204
o: (317) 233-4945


