I put together some links/books and thought I should share them with my readers:
- Code Reviewing Web App Framework Based Applications: probably the best read for web stuff at the moment.
- The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities: The Bible... Whatever you do (code review, pentest...), you should read this book.
- The NIST examples of vulnerable code in Java/C/C++
- The hidden pitfalls in automatic source code review: interesting
- Understanding iOS 4 Backgrounding and Delegate Messaging: handy for understanding where to look when auditing iOS applications and for getting a clear picture of how iOS apps work.
- MDsec put together a really good paper on iOS applications.
- Brakeman homepage: I spent some time reading the source code of this scanner for RoR, really interesting project :)
- graudit: really handy to gather dangerous function names in most languages
- Pro ASP.NET MVC 3 Framework: I read it 2 years ago; chapter 21 on security is a good introduction.
- xorl %eax, %eax has some really good explanations of published vulnerabilities (especially Linux kernel bugs).

I will do more posts when I find worthy things ;) If you have good links or books you recommend, leave them in the comments :)

I'm also thinking of creating some exercises on (web and/or mobile) code review for PentesterLab.