public:secureprogramming [2014-05-27 08:45] – [OWASP tools] petrs | public:secureprogramming [2014-09-11 11:38] – petrs | ||
Line 81: | Line 81: | ||
* Run cmd with Administrator privileges | * Run cmd with Administrator privileges | ||
* peach configuration.xml | * peach configuration.xml | ||
+ | |||
+ | ===== Notes ===== | ||
+ | * Example output for new students: | ||
+ | * Use format of https:// | ||
+ | * High-level metrics: platform... | ||
+ | * Iterative process, highlight to students | ||
+ | * Platform supported | ||
+ | * Properties from Andrii | ||
+ | * IDE integration vs. standalone / server-based tool | ||
+ | * Miro - Coverity experience | ||
+ | * 3 bc works | ||
+ | * Metrics (owasp top 10) | ||
+ | |||
+ | A1 Injection | ||
+ | A2 Broken Authentication and Session Management | ||
+ | A3 Cross-Site Scripting (XSS) | ||
+ | A4 Insecure Direct Object References | ||
+ | A5 Security Misconfiguration | ||
+ | A6 Sensitive Data Exposure | ||
+ | A7 Missing Function Level Access Control | ||
+ | A8 Cross-Site Request Forgery (CSRF) | ||
+ | A9 Using Components with Known Vulnerabilities | ||
+ | A10 Unvalidated Redirects and Forwards | ||
+ | |||
+ | |||
+ | |||
==== OWASP tools ==== | ==== OWASP tools ==== | ||
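Review bot: the reference "Use format of https://" carries no link target and the three empty "+" lines before the "==== OWASP tools ====" heading add nothing; either supply the intended URL or drop that bullet, and remove the trailing blank lines. The A1 to A10 list reproduces the OWASP Top 10 2013 entry names, so labelling it "OWASP Top 10 (2013)" and linking the edition would let future readers see which release the course metrics are tied to when the list changes.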
Line 133: | Line 159: | ||
* [2014] XSS detection toolkit https:// | * [2014] XSS detection toolkit https:// | ||
* TRY | * TRY | ||
+ | * [2014] OWASP ZED Attack Proxy Project https:// | ||
+ | * TRY | ||
+ | * [2014] OSAFT https:// | ||
+ | * ssl testing and auditing tool | ||
+ | * tool to show informations about SSL certificate and tests the SSL connection according given list of ciphers and various SSL configurations | ||
+ | * try | ||
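Review bot: both new entries have empty link targets after "https://", so the URLs for the ZAP and O-Saft projects need to be filled in. Naming is inconsistent with the projects themselves: "ZED Attack Proxy" is the OWASP Zed Attack Proxy (ZAP), and "OSAFT" is written O-Saft (OWASP SSL Advanced Forensic Tool). The description line also needs grammar fixes: "tool to show information about the SSL certificate and test the SSL connection against a given list of ciphers and various SSL configurations". Consider capitalising "try" as "TRY" to match the other entries.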