Guidlines for Testing Web Applications

All,

I am a Business Analyst/Trainer at the company where I work. I am now required to assist in the testing of web applications with the focus on the security aspect. Where as I have experience in testing, I have no experience in security as it relates to web applications. Can you help me? When testing a web application with focus on security what do I look for? Are there any written guidelines that I should follow? So far I have been researching SSL and SQL Injections. Any ideas?

NOTE:
I am a fast learner. :-) Received on Thu Mar 20 13:14:38 2003