Differences

This shows you the differences between two versions of the page.

public:secureprogramming [2014-05-27 08:47] – [OWASP tools] petrspublic:secureprogramming [2014-09-11 11:38] petrs
Line 81: Line 81:
     * Run cmd with Administrator privileges     * Run cmd with Administrator privileges
       * peach configuration.xml       * peach configuration.xml
 +
 +===== Notes =====
 +  * Example output for new students:
 +    * Use format of https://is.muni.cz/auth/th/396518/fi_b/bp.pdf as an example
 +    * High-level metrics: platform...
 +    * Iterative process, highlight to students
 +    * Platform supported
 +    * Properties from Andrii
 +    * IDE integration vs. standalone / server-based tool
 +  * Miro - Coverity experience
 +  * 3 bc works
 +  * Metrics (owasp top 10)
 + 
 +    A1 Injection
 +    A2 Broken Authentication and Session Management
 +    A3 Cross-Site Scripting (XSS)
 +    A4 Insecure Direct Object References
 +    A5 Security Misconfiguration
 +    A6 Sensitive Data Exposure
 +    A7 Missing Function Level Access Control
 +    A8 Cross-Site Request Forgery (CSRF)
 +    A9 Using Components with Known Vulnerabilities
 +    A10 Unvalidated Redirects and Forwards
 +
 +
 +
  
 ==== OWASP tools ==== ==== OWASP tools ====
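Review bot: The "Metrics (owasp top 10)" bullet in the new Notes section does not say which edition of the list it uses. The A1 to A10 entries match the OWASP Top 10 2013, and the category names and numbering change between editions, so label the bullet "OWASP Top 10 2013" and link the source so that metrics collected against it stay comparable. The list is also indented as a preformatted block rather than nested under its bullet like the other sub-items; making it a nested list would keep the structure consistent. Shorthand such as "3 bc works" and "Properties from Andrii" would be clearer for new students if spelled out or linked.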
Line 135: Line 161:
   * [2014] OWASP ZED Attack Proxy Project https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project   * [2014] OWASP ZED Attack Proxy Project https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project
     * TRY     * TRY
-  * OSAFT https://www.owasp.org/index.php/O-Saft+  * [2014] OSAFT https://www.owasp.org/index.php/O-Saft
     * ssl testing and auditing tool     * ssl testing and auditing tool
 +    * tool to show informations about SSL certificate and tests the SSL connection according given list of ciphers and various SSL configurations
     * try     * try
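Review bot: The added O-Saft description bullet overlaps the existing "ssl testing and auditing tool" bullet directly above it, so the entry now describes the tool twice. Merge the two into one bullet and fix the wording ("informations", "according given list"), for example "shows information about the SSL certificate and tests the SSL connection against a given list of ciphers and SSL configurations". The tool name is written "OSAFT" while the linked page uses "O-Saft", and the status marker is "try" here but "TRY" on the ZAP entry; pick one form for each.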