Web App Security Standards except OWASP & SANS


dinesh kumar

May 22, 2014, 6:25:17 AM5/22/14
to null-...@googlegroups.com
Hi Guys,

I have gone through the constraints of security standards like OWASP and SANS.

My question is: apart from these standards, are there any other advanced testing terminologies that are more specific to e-commerce applications? Kindly let me know.

Thanks and Regards
Dinesh kumar M

Naresh Annangar

May 22, 2014, 10:07:35 AM5/22/14
to null-...@googlegroups.com
For e-commerce applications, especially if you are handling credit cards, you should look at PCI-DSS.

--
n.


--
_______________________________________________________________________________
null - Spreading the right Information
null Mailing list charter: http://null.co.in/section/about/null_list_charter/
---
You received this message because you are subscribed to the Google Groups "null" group.
To unsubscribe from this group and stop receiving emails from it, send an email to null-co-in+...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Akash

May 22, 2014, 11:48:39 PM5/22/14
to null-...@googlegroups.com
PCI DSS recommends OWASP for application security.

@Dinesh
OWASP and SANS are not testing terminologies. They are organisations.

You might want to reword the question and clarify what it is that was missing here.
I am assuming that you referred to OWASP Top 10 and SANS/CWE Top 25.

--
Warm regards,
Akash Mahajan

That Web Application Security Guy | +91 99 805 271 82
akashm.com | @makash on twitter | linkd.in/webappsecguy
OWASP Bangalore Chapter Lead | null Community Manager

dinesh kumar

May 23, 2014, 12:03:17 AM5/23/14
to null-...@googlegroups.com
Hi

I'm sorry Akash, I too mean the same. I have used the OWASP Top 10 and SANS/CWE Top 25 methods, but my question is: apart from these, are there any other specific methods, like the OWASP Top 10 or SANS/CWE Top 25, for a payment-gateway-integrated web application?

Please help.

Thanks

c0nsoul

May 23, 2014, 1:10:51 AM5/23/14
to null-...@googlegroups.com
Hi,

If you want to audit a payment gateway then you can check this one for reference:

https://www.youtube.com/watch?v=gNkrUngGVsU

Regards

Akash

May 23, 2014, 2:40:30 AM5/23/14
to null-...@googlegroups.com
This document is what you should read first.

https://www.pcisecuritystandards.org/documents/PCI_DSS_v3.pdf

From this you can derive which framework you would like to use for classifying vulnerabilities found.

In terms of approach you need to figure out what is suitable for your use case.

There are multiple pen testing frameworks you can use.

You can start with https://www.owasp.org/index.php/Web_Application_Penetration_Testing

This link in itself is not complete and only offers a broad overview. Refer to the OWASP Testing Guide version 3 and version 4 for more details.