A personal blog about: transforming Web Application Security into an 'Application Visibility' engine, the OWASP O2 Platform, Application/Data interoperability and a lot more

Tuesday 1 February 2011

list of application security links

A client asked me to recommend a list of application security links. So here they are:

- http://www.owasp.org/index.php/Feed - OWASP AppSec Feed (if you only follow one XML feed, follow this one)
- http://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project - OWASP Top 10 document (should be mandatory reading for everybody)
- http://www.owasp.org/index.php/Category:OWASP_WebGoat_Project - Vulnerable web application in J2EE (designed as a learning tool)
- http://code.google.com/p/owasp-hacmebank/downloads/list - Vulnerable web application in .NET (designed as a banking application)
- http://www.owasp.org/index.php/OWASP_Testing_Project - OWASP Testing Guide (provides a good foundation for security-focused testing)
- http://www.owasp.org/index.php/Category:OWASP_Legal_Project - Great document that shows an example of what should exist (from a security point of view) in a software development contract
- http://www.opensamm.org/ - A maturity model based on what companies should be doing (this is a type of SDL)
- http://bsimm.com/ - A maturity model based on what a number of large companies are actually doing
- http://blogs.msdn.com/b/sdl/archive/2011/01/26/only-16-security-practices-implementation-guidance-included.aspx - Good '16 steps to have an SDL' guidance from Microsoft
- http://o2platform.com, http://o2platform.wordpress.com/ - Info about the O2 Platform
- http://jeremiahgrossman.blogspot.com/ - Great application security blog (from the WhiteHat founder)
- http://1raindrop.typepad.com/1_raindrop/ - Great application security blog