http://www.owasp.org/index.php/Category:How_To
There are all the how to's happy testing. You might wanna look into software from Appsec or HP Offerings to take a look at web application security flaws. There are others out there also. Z Edward E. Ziots Network Engineer Lifespan Organization MCSE,MCSA,MCP,Security+,Network+,CCA Phone: 401-639-3505 ________________________________ From: Ziots, Edward [mailto:[EMAIL PROTECTED] Sent: Thursday, September 25, 2008 10:23 AM To: NT System Admin Issues Subject: RE: Website security checking service Also look at OWASP site, which is more focused on web/application/SQL layer security and mitigation than SANS is, IMHO. http://www.owasp.org/index.php/OWASP_Top_Ten_Project Z Edward E. Ziots Network Engineer Lifespan Organization MCSE,MCSA,MCP,Security+,Network+,CCA Phone: 401-639-3505 ________________________________ From: Glen Johnson [mailto:[EMAIL PROTECTED] Sent: Thursday, September 25, 2008 8:48 AM To: NT System Admin Issues Subject: RE: Website security checking service Here is a good link from SANS http://www.sans.org/top20/ From: Oliver Marshall [mailto:[EMAIL PROTECTED] Sent: Thursday, September 25, 2008 8:19 AM To: NT System Admin Issues Subject: Website security checking service Hi chaps, Can anyone recommend a website checking service that will check websites on a regular basis for security issues and report back ? One of our clients suffered an SQL injection attack this week, and on their new rebuilt server they are keen to get some element of reporting as to when any possible issues may be presented to visitors, or to be made aware as to when flaws are found in the sites. The sites change regularly and multiple teams work on any one site so a site that was once tight-as-a-nut may, the next week, be made in-secure by the action of another team. Olly -- G2 Support Online Backups Email: [EMAIL PROTECTED] Web: http://www.g2support.com ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
