Any good books on web penetration testing?
I'm a web developer and consultant, and I often deal with web application security. Everything I know about penetration testing I've learned in a pretty ad hoc manner, and I think it's time to give myself a bit of a more formal background. I'm familiar enough with the concepts (SQL injection, XSS, CSRF, etc.); I even teach classes on those subjects. I've got decent knowledge of crypto and digital security in general. I also have a few tools I sorta know how to use (Burp Suite being the main one). But I don't really have any good grasp on the "right" way to actually conduct a formal web penetration test -- I usually just flail around for a while trying different things until I "feel" satisfied. Doesn't really make for a very scientific process, I know. So: any suggestions for books (or any other sort of learning material) on web penetration testing? I'd prefer something more on the advanced side of the spectrum; I'd rather be overwhelmed than bored.
Answer:
The http://www.owasp.org/index.php/Category:OWASP_Testing_Project is a good set of industry standards.
jacobian at Ask.Metafilter.Com
Other answers
Yeah, seconding OWASP. You might take a run through their http://www.owasp.org/index.php/Category:OWASP_WebGoat_Project as well.
jquinby
Been working on my CEH cert for the last couple of months. Here are a few good resources. If you want to learn the hands-on stuff, I highly recommend you get familiar with http://www.remote-exploit.org/backtrack.html. Most of the folks I know use this. Also, http://www.vulnerabilityassessment.co.uk/Penetration%20Test.html is a decent framework for how to conduct your assessment. Also, http://cve.mitre.org/ is a good reference for vulnerabilities.
white_devil