WebApp Sec mailing list archives
Complex applications security testing framework
From: Marat VYSHEGORODTSEV <marat.vyshegorodtsev () gmail com>
Date: Sun, 29 Nov 2009 00:47:19 +0300
Hello, web security researchers!

There is a well-known methodology for auditing the security of web applications called the OWASP Testing Guide [0], but it describes testing procedures only for web applications, not for, like, complex applications (for example, containing application servers, application gateways and so on) usually written in C#, C++, Delphi or any other non-scripting language.

Would you, folks, recommend such a framework for testing complex not-web-only-applications?

I know only one approach from SANS [1] (Top25, CWE classification and risk assessment), but it doesn't provide a comprehensive methodology like OWASP does.

Basically I want to fill a gap between risk and vulnerability assessment jobs and I'm looking for a generally recognized approach.

[0] http://www.owasp.org/index.php/Category:OWASP_Testing_Project
[1] http://www.sans.org/top25-programming-errors/

Sincerely,
Marat Vyshegorodtsev
Assessment specialist