Page History
...
| Resource | Notes | Link(s) |
|---|---|---|
| Threat Risk Modeling Process by OWASP | "A brief guide to different types of threat modeling during the application development and deployment process. structured approach to application threat modeling that enables you to identify, quantify, and address the security risks associated with an application." | https://www.owasp.org/index.phpwww-community/Threat_RiskModeling_Modeling Process |
| Threat Modeling book by Adam Shostack | A book of material on how to properly perform threat modeling for a number of scenarios. The author also offers training courses. | https://threatmodelingbook.com |
| Open Web Application Security Project (OWASP) Secure Coding Guide | A short guide for secure coding principles specifically tailored for web applications. | https://www.owasp.org/index.php/OWASP_Secure_Coding_Practices_-_Quick_Reference_Guide |
CERT Secure Coding Standards | Secure coding standards should be followed to avoid vulnerabilities as much as possible. CERT provides coding standards for common web application programming languages like Java and Perl. Note that the standards were developed for general usage, and not all rules may apply to web applications. | https://www.securecoding.cert.org/ |
The Basics of Web Application Security | Summary of important web application secure development practices. | https://martinfowler.com/articles/web-security-basics.html |
| Basic Security Practices for Web Applications | Microsoft web application security advice. | https://msdn.microsoft.com/en-us/library/zdh19h94.aspx |
...
Overview
Content Tools