OWASP CLASP v1.2

Print: $14.86

Download: FREE

OWASP Top 10 - 2007 Edition

Print: $6.85

OWASP Top10 - Testing - Legal 07

Print: $15.75

Download: FREE

This book contains 3 separate documents created by OWASP's community: The OWASP Top 10 2007, The OWASP Testing Guide v2.0 and The OWASP Secure Software Contract Annex.

OWASP Application Security Verification Standard

Print: $6.60

Download: FREE

The primary aim of the OWASP Application Security Verification Standard (ASVS) Project is to normalize the range in the coverage and level of rigor available in the market when it comes to performing application security verification using a commercially-workable open standard. This standard can be used to establish a level of confidence in the security of web applications and web services. For more information, please check out the project home page at OWASP Application Security Verification Standard (ASVS) Project.

Software Assurance Maturity Model (SAMM) [B&W]

Print: $7.90

[BLACK & WHITE] The Software Assurance Maturity Model (SAMM) is an open framework to help organizations formulate and implement a strategy for software security that is tailored to the specific risks facing the organization. The resources provided by SAMM will aid in: (1) Evaluating an organization’s existing software security practices, (2) Building a balanced software security program in well-defined iterations, (3) Demonstrating concrete improvements to a security assurance program, and (4) Defining and measuring security-related activities within an organization. SAMM was defined with flexibility in mind such that it can be utilized by small, medium, and large organizations using any style of development. Additionally, this model can be applied organization-wide, for a single line-of-business, or even for an individual project. As an open project, SAMM content shall always remain vendor-neutral and freely available for all to use. See http://www.opensamm.org for more.

Software Assurance Maturity Model (SAMM)

Print: $24.70

The Software Assurance Maturity Model (SAMM) is an open framework to help organizations formulate and implement a strategy for software security that is tailored to the specific risks facing the organization. The resources provided by SAMM will aid in: (1) Evaluating an organization’s existing software security practices, (2) Building a balanced software security program in well-defined iterations, (3) Demonstrating concrete improvements to a security assurance program, and (4) Defining and measuring security-related activities within an organization. SAMM was defined with flexibility in mind such that it can be utilized by small, medium, and large organizations using any style of development. Additionally, this model can be applied organization-wide, for a single line-of-business, or even for an individual project. As an open project, SAMM content shall always remain vendor-neutral and freely available for all to use. See http://www.opensamm.org for more.

OWASP APPSENSOR

Print: $6.70

Download: FREE

The AppSensor document is a conceptual framework that offers prescriptive guidance to implement intrusion detection capabilities into existing applications, utilizing standard security controls, and recommendations for automated response policies based upon detected behaviour. When using AppSensor, an application will be able to identify malicious users within the application and eliminate the threat by taking a response action such as logging out the user, locking the account or notifying an administrator. An attacker often requires numerous probes and attack attempts in order to locate an exploitable vulnerability within the application. By using AppSensor it is possible to identify and eliminate the threat of an attacker before they are able to successfully identify an exploitable flaw. For more information, please check out the project home page at OWASP AppSensor Project.

OWASP Ruby on Rails Security Guide

Print: $6.80

Download: FREE

The last security guide for Rails was a great success, with a lot of more secure web applications and continued awareness in the community of security issues. The Ruby on Rails Security Project is the one and only source of information about Rails security topics, and I keep the community up-to-date with blog posts and conference talks in Europe. The Guide and the Project have been mentioned in several Rails books and web-sites. A lot has changed since the publishing of the first Guide. Some new security holes have been found, there is new advice and most importantly Rails version 2.0 has been released. The new Ruby on Rails Security Guide aims at providing an up-to-date coding and configuration guide for the Rails community. For more information, please check out the project home page at OWASP Ruby on Rails Security Guide V2.

OWASP Backend Security

Print: $10.45

Download: FREE

This project aims to improve and collect the existing information about backend security. The project is composed of three sections (security development, security hardening and security testing). The aim is to define guidelines for companies and IT professionals working in the security field on process development and back-end component management/testing in the enterprise architecture. For more information, please check out the project home page at OWASP Backend Security Project.

OWASP Testing Guide

Print: $14.85

Download: FREE

The OWASP Testing Guide (2009 Version 3.0) includes a "best practice" penetration testing framework which users can implement in their own organizations and a "low level" penetration testing guide that describes techniques for testing the most common web application and web service security issues. OWASP Testing Guide v3 is a 349-page book; we have split the set of active tests into 9 sub-categories for a total of 66 controls to test during the Web Application Testing activity. For more information, please check out the project home page at OWASP Testing Guide V3.0 Project.

OWASP Code Review

Print: $11.35

Download: FREE

The Code Review Guide is currently at release version 1.1 and was the second best-selling OWASP book in 2008. Many positive comments have been fed back regarding this initial version, and I believe it’s a key enabler for the OWASP fight against software insecurity. It has even inspired individuals to build tools based on its information. The combination of a book on secure code review and tools to support such an activity is very powerful as it gives the developer community a place to start regarding secure application development. Going forward I hope to further integrate with the ASVS and other guides such as the testing and ASDR guides shall be performed for version 2.0. For more information, please check out the project home page at OWASP Code Review Guide V1.1.

Securing WebGoat using ModSecurity

Print: $8.75

Download: FREE

The purpose of this project is to create custom ModSecurity rulesets that, in addition to the Core Set, will protect WebGoat 5.1 from as many of its vulnerabilities as possible (the goal is 90%) without changing one line of source code. To ensure that it will be a complete 'no touch' on WebGoat and its environment, ModSecurity will be configured on an Apache server as a remote proxy server. For those vulnerabilities that cannot be prevented (partially or not at all), I will document my efforts in attempting to protect them. Business logic vulnerabilities will be particularly challenging to solve. For more information, please check out the project home page at OWASP Securing WebGoat using ModSecurity Project.

OWASP Application Security Verification Standard

Print: $7.78

Download: FREE

The primary aim of the OWASP Application Security Verification Standard (ASVS) Project is to normalize the range in the coverage and level of rigor available in the market when it comes to performing application security verification using a commercially-workable open standard. This standard can be used to establish a level of confidence in the security of web applications and web services. For more information, please check out the project home page at OWASP Application Security Verification Standard (ASVS) Project.

OWASP Testing Guide v2.0

Print: $14.15

Download: FREE

For more information, please check out the project home page at OWASP Testing Guide Project.

OWASP Secure Software Contract Annex v1.0

Print: $5.80

OWASP Top10 2007 Portuguese (Release)

Print: $6.60

Download: FREE

OWASP ASDR Application Security Desk Reference - SoC2008 (Alpha)

Print: $20.45

Download: FREE

This project is helpful as basic reference material when performing such activities as threat modeling, security architecture review, security testing, code review, and metrics. We intend to encourage understanding and consistency when discussing these basic foundational elements of application security. Security only works if people can make informed decisions about risk. The ASDR provides that basic information to help ensure all stakeholders are involved. For more information please check the OWASP Foundation's website - OWASP Application Security Desk Reference (ASDR) Project.

OWASP WebGoat and WebScarab

Print: $4.33

Download: FREE

OWASP Code Review - 2008 (RC2)

Print: $9.13

Download: FREE

OWASP Evaluation And Certification Criteria

Print: $2.71

Download: FREE

OWASP Top 10 - Ruby on Rails version

Print: $3.43

Download: FREE

OWASP SpoC 2007

Print: $7.53

Download: FREE

OWASP World (Nov 2007)

Print: $7.29

Download: FREE

OWASP Developers Guide v2.0 (2005)

Print: $12.83

These books are provided AT COST and OWASP is not making any profit with these sales.

These are VIRAL books so you can make as many copies as you want and freely distribute them.

For any queries related to these books please contact dinis.cruz at owasp.net.

OWASP Website: www.owasp.org