The OWASP Testing Guide is a great start. Free PDF: http://www.owasp.org/images/5/56/OWASP_Testing_Guide_v3.pdf
Or buy the very reasonable paperback: http://www.lulu.com/product/paperback/owasp-testing-guide/5310589 The Web Application Hackers Handbook is great too. http://portswigger.net/wahh/ Ryan Dewhurst blog www.ethicalhack3r.co.uk projects www.dvwa.co.uk | www.webwordcount.com twitter www.twitter.com/ethicalhack3r On Wed, Jul 13, 2011 at 6:23 PM, Champ Clark III [Softwink] <[email protected]> wrote: > > Hello all, > > I have a friend how is a fairly experienced programmer > (C/PHP/Perl). He's recently graduated and received his engineering > degree. However, he's not having a lot of luck finding jobs in that > market in his area. > > Anyways, long story short, he's become interested in AppSec. > Mostly from a testing stand point. While he is a programmer, he's > never done any such AppSec work. > > Does anyone know of any good starter books for him? Or possibly > good reference material I could pass on to him. Thanks > > -- > Champ Clark III | Softwink, Inc | 800-538-9357 x 101 > http://www.softwink.com > > GPG Key ID: 58A2A58F > Key fingerprint = 7734 2A1C 007D 581E BDF7 6AD5 0F1F 655F 58A2 A58F > If it wasn't for C, we'd be using BASI, PASAL and OBOL. > > _______________________________________________ > Pauldotcom mailing list > [email protected] > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > Main Web Site: http://pauldotcom.com > _______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
