iPhone users: copy the URLs below and paste them into your browser. If a link is a PDF, try the GoodReader app for better viewing.
Here is a list of resources and books to help with your study.
12 Hacking Web Applications (13)
12 Reading
- Basic HTML Examples
- PDF of Hacking Exposed chapter 1
- OWASP Top 10 2010 Web Application Vulnerabilities
- WebGoat Web Hacking Simulation Series
- w3af – Web Application Attack and Audit Framework
- Components and Web Application Architecture
- A New Threat To Web Applications: Connection String Parameter Pollution (CSPP) | ORA600
- WGET 1.11.4 for Windows (win32)
- Bugtraq: Re: Bad news on RPC DCOM vulnerability
12 Tools
- Web Application Penetration Testing – OWASP
- Burp Suite
- Nikto2 | CIRT.net
- Web application security – Acunetix Web Vulnerability Scanner
- Wget for Windows
- Sleuth 1.4 Overview
- HooBieNet – Home
- soapUI – The Home of Functional Testing
- XML Editor, Data Management, UML, and Web Services Tools from Altova
- Products » Enterprise | N-Stalker The Web Security Specialists
- SecuBat Vulnerability Scanner
- skipfish – web application security scanner – Google Project Hosting
- Websecurify | Web Application Security Scanner and Manual Penetration Testing Tool
- website monitoring KeepNI
- Wapiti – Web application security auditor
- Web Application Firewall, Affordable Industry Leading Web Security
- Imperva ThreatRadar – Reputation-Based Security for Automated Attacks
- Radware AppWall: Web Application Security and Compliance Solution
- Intrusion Detection and Prevention, Security Data Analytics, Personal Firewall – Privacyware
- Web Application Security, Web Application Firewall
12 XSS
- What is Cross Site Scripting (XSS) | Cross-Site Scripting Examples and Information
- XSS (Cross Site Scripting) Prevention Cheat Sheet – OWASP
- [DOM Based Cross Site Scripting or XSS of the Third Kind] Web Security Articles – Web Application Security Consortium
- Common Security Mistakes in Web Applications – Smashing Magazine
- The Cross-Site Scripting (XSS) FAQ
12 Attacks
- The Web Application Security Consortium / Threat Classification
- The Web Application Security Consortium / Web-Hacking-Incident-Database
- Top 10 attacks – OWASP
- OWASP Testing
- Secure Coding Guide: Validating Input
- InformIT: Security Reference Guide > Code Injection Explained
- The Web Application Security Consortium / LDAP Injection
- Preventing HTML form tampering
- CSRF Attacks and Web Forms
- The Cross-Site Request Forgery (CSRF/XSRF) FAQ
- Cookie Poisoning (Definition, Examples, Videos, and Prevention)
- Cookie Poisoning how to.
- The Web Application Security Consortium / Buffer Overflow
- Anatomy of a Web Services Attack | SYS-CON NEWS DESK
- SensePost – J-Baah – Generic HTTP Fuzzer
- The Web Application Security Consortium / XPath Injection
12 Defense
- Samoa: Formal Tools for Securing Web Services – Microsoft Research
- Microsoft’s Anti-Cross Site Scripting Security Runtime Engine Sample – AntiXSS 3.1
- The Simplest Security: A Guide To Better Password Practices | Symantec Connect Community
- Port80 Software » Products » PCI Compliant Web App Firewall for IIS Servers
