APPENDIX H


Sources of Information

(ISC)2, “Ten Best Practices for Secure Software Development”

www.isc2.org/uploadedFiles/(ISC)2_Public_Content/Certification_Programs/CSSLP/ISC2_WPIV.pdf

On the web site of the International Information Systems Security Certification Consortium, or (ISC)2, you will find this article about the best practices for securely developing applications.

(ISC)2, The Official (ISC)2 Guide to the CISSP CBK, 3rd Edition

This training guide is for the (ISC)2 CISSP certification exam. It contains a lot of material relevant to information security.

Harold F. Tipton and Steven Hernandez, Official (ISC)2 Guide to the CISSP CBK, 3rd Edition (Boca Raton, FL: CRC)

ISACA, “Common Web Application Vulnerabilities”

www.isaca.org/Journal/Past-Issues/2005/Volume-4/Pages/Common-Web-Application-Vulnerabilities1.aspx

This page on ISACA’s web site explains common types of web application security risks and the associated best practices to avoid them.

Microsoft, “Basic Security Practices for Web Applications”

http://msdn.microsoft.com/en-us/library/zdh19h94(v=vs.100).aspx

This page on the Microsoft Developer Network web site is about good security practices for developing and managing web applications.

NIST, National Vulnerability Database

http://web.nvd.nist.gov/view/vuln/search

On the National Institute of Standards and Technology’s web site, you will find the National Vulnerability Database, where you can search for software flaws (CVEs) and misconfigurations (CCEs).

OWASP, “2013 Top 10 List”

www.owasp.org/index.php/Top_10_2013-Top_10

This web page on the Open Web Application Security Project (OWASP) web site identifies the top 10 most critical web application security flaws and links to tables identifying relevant factors for each, such as threat agents and attack vectors.

OWASP, “Secure Coding Cheat Sheet”

www.owasp.org/index.php/Secure_Coding_Cheat_Sheet

This page on the OWASP web site pertains to how to securely code a web site.

OWASP, “Web Application Firewall”

www.owasp.org/index.php/Web_Application_Firewall

This page on the OWASP site is about web application firewall technology.

SANS Institute, “Framework for Secure Application Design and Development”

www.sans.org/reading_room/whitepapers/application/framework-secure-application-design-development_842

This page from the SANS Institute Reading Room site addresses the practice of secure application design and development, and presents a framework to assist developers.

Stanford University, “State of the Art: Automated Black-Box Web Application Vulnerability Testing”

http://theory.stanford.edu/~jcm/papers/pci_oakland10.pdf

This paper, published on the Stanford Theory Group site, describes vulnerability scanners used for testing web applications.

University of California, “Secure Coding Practice Guidelines”

https://security.berkeley.edu/content/application-software-security-guidelines?destination=node/403

This page on the Berkeley Security web site pertains to secure coding practices.

University of Pennsylvania, “Top 10 Web Application Security Vulnerabilities”

www.upenn.edu/computing/security/swat/SWAT_Top_Ten_A8.php

This page on the Penn Computing web site describes what it considers to be the top 10 web application security vulnerabilities.
