There is a well-known methodology for auditing the security of web
applications called the OWASP Testing Guide [0], but it describes testing
procedures only for web applications, not for complex applications (for
example, those containing application servers, application gateways and
so on), usually written in C#, C++, Delphi or another non-scripting
language. Would you, folks, recommend such a framework for testing
complex, not-web-only applications?
I know of only one approach, from SANS [1] (Top 25, CWE classification and
risk assessment), but it doesn't provide a comprehensive methodology
like OWASP does. Basically I want to fill the gap between risk and
vulnerability assessment jobs, and I'm looking for a generally recognized
approach.
[0] http://www.owasp.org/index.php/Category:OWASP_Testing_Project
[1] http://www.sans.org/top25-programming-errors/
Sincerely, Marat Vyshegorodtsev
Assessment specialist
This list is sponsored by Cenzic
--------------------------------------
Let Us Hack You. Before Hackers Do!
It's Finally Here - The Cenzic Website HealthCheck. FREE.
Request Yours Now!
http://www.cenzic.com/2009HClaunch_Securityfocus
--------------------------------------