WebApp Sec mailing list archives

RE: Guidelines for Testing Web Applications


From: "Nelson, Ernie" <Ernie.Nelson () wizards com>
Date: Thu, 20 Mar 2003 10:34:55 -0800

http://www.owasp.org/

There are also various papers that may be helpful in the sans.org
reading room.  I have a paper on that topic somewhere on that site as
well.


I am a Business Analyst/Trainer at the company where I work.  I am now
required to assist in the testing of web applications with the focus on
the security aspect. Whereas I have experience in testing, I have no
experience in security as it relates to web applications.  Can you help
me?  When testing a web application with focus on security what do I
look for?  Are there any written guidelines that I should follow?  So
far I have been researching SSL and SQL Injections.  Any ideas?

