Penetration Testing mailing list archives
testing applications for security issues
From: Michael Cunningham <crayola () optonline net>
Date: Thu, 18 Mar 2004 20:41:58 -0500
Folks,

I am going to have to take on the task of testing software applications my company produces as they roll through the QA/UAT process for security concerns (can't hire anyone, and software to automate the testing seems to be very expensive). They are mainly web-based applications with a database backend, appworx jobs, and some custom Java and C programs.

I am aware of how SQL injection, buffer overflows, cross-site scripting, and other security programming problems work, but I don't have a whole lot of experience applying this knowledge to application testing.

Are there any training courses or documents/books you can suggest that would help me learn the skills I need to make this happen? Does anyone have a site that lists tools (open source preferred) that I could use to help me test these applications?

Thanks for any help you can offer,
Mike

--
Michael Cunningham (CISSP, SCNA, SCSA, CCSA)