| Websites | Introduction |
|---|---|
| OWASP | Open Web Application Security Project is an open community and nonprofit organization, with almost ten thousand members in 130 branches all over the world at present. The Project is mainly targeted on providing solutions to Web software security standards, tools and technical documents via researches and discussions, assisting governments and enterprises to understand and improve security of the Web applications and Web services. |
| Cloud Security Alliance | Cloud Security Alliance (CSA) was established and announced on RSA conference in 2009. Upon the establishment, CSA soon won a wide recognition in the industry. At present, CSA has built up partnership with organizations such as ISACA and OWASP, with many international leading companies jointed as its members. Upon being established, cloud security guidelines and its development released by CSA has become remarkable safety activities in the field of cloud computing. |
| Tool | Introduction |
|---|---|
| Fortify | Static code security scanning tools |
| Checkmarx | Static code security scanning tools |
| OWASP Dependency Check | Third-party dependency security scanning tools |
| Victims | Third-party dependency scanning tools |
| SQLMAP | SQL Injection scanning tools |
| Acunetix | Web system vulnerability scanning tools |
| OWASP ZAP | Web system vulnerability scanning tools |
| Burp Suite | Web system vulnerability scanning tools |
| N-Stalker | Web system vulnerability scanning tools |
| Nmap | Server port scanning tools |
| Metasploit | Vulnerability discovery tool |
| Wireshark | Network packet sniffer tools |
| THC Hydra | Password cracker |
| Aircrack-ng | Password cracker |
| John The Ripper | Password cracker |
| Website | Introduction |
|---|---|
| NVD | NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. NVD includes databases of security checklists, security related software flaws, misconfigurations, product names, and impact metrics. |
| WooYun (Closed) | WooYun, is a feedback platform for security issues between manufacturers and security researchers, providing a rich security vulnerability database. |
| CNNVD | "China National Vulnerability Database of Information Security", also "CNNVD" for short, is established by CNITSEC to earnestly implement the functions of vulnerability analysis and risk assessment, and responsible for their construction, operation and maintenance. |
| Name | Author |
|---|---|
| The Web Application Hacker's Handbook Second Edition. | Dafydd Stuttard, Marcus Pinto, 2011 |
| Fuzzing Brute Force Vulnerability Discovery. | Michael Sutton, Adam Greene, 2007 |
| 白帽子讲Web安全 | Han Qingwu, 2014 |
| iOS Hacker's Handbook | Charlie Miller, Dion Blazakis, 2012 |
| Android Hacker's Handbook | Joshua J. Drake、 Zach Lanier, 2014 |
| Threat Modeling | Adam Shostack, 2014 |
| OWASP Code Review | OWASP Foundation, 2009 |
| OWASP Testing Guide | OWASP Foundation, 2009 |
| Software Assurance Maturity Model(SAMM) | OpenSAMM Project, 2009 |
| Automated Threat Handbook. | OWASP Foundation, 2015 |
| Security Development Lifecycle | a set of software security development processes proposed by Microsoft |
| OWASP Top 10 2013 | Top 10 Web application security risks released by OWASP in 2013 |
| OWASP Top 10 Mobile Risks 2014 | Top 10 Mobile application security risks released by OWASP in 2014 |
| OpenSAMM | Software assurance maturity model |