My company has written a HTTP proxy that takes the original website page and translates it. Think something along the lines of the web translation service provided by Google, Bing, etc.

I am in the middle of security testing of the service and associated website. Of course there is going to be a million attacks or misuses of the site that I haven’t yet thought of. Additionally I don’t want our site to become a vector that allows anonymous attacks against third party sites. Since this site will be subject to many eyes from the day it is opened, ensuring the security of both our service and the sites visited by our service is concerning me.

Can anyone point me to any online or published information for security testing. e.g. good lists of attacks to be worried about, security best practices for creating web sites/proxies/etc. I have a good general understanding of security issues (XSS, CSRF, SQL injection, etc). I’m more looking for resources to help me with the specifics of creating tests for security testing.

Any pointers?

Seen:

• https://www.owasp.org/index.php/Top_10
• https://stackoverflow.com/questions/1267284/common-website-attack-methods-detection-and-recovery