Differences

This shows you the differences between two versions of the page.

public:secureprogramming [2014-09-11 11:51] – [OWASP tools] petrs
public:research:secprog:secureprogramming [2014-12-26 17:24] – Page moved from public:secureprogramming to public:research:secprog:secureprogramming mukrop
Line 90: Line 90:
     * Properties from Andrii     * Properties from Andrii
     * IDE integration vs. standalone / server-based tool     * IDE integration vs. standalone / server-based tool
-  * Miro - Coverity experience +  * Coverity experience 
-  * 3 bc works+  * 3 bc theses 
 +    * Use owasp tools, test against vulnerable apps, evaluate 
 +    * Implement personalized testing scenarios inside given framework (he Web Application Hacker's Handbook scenarios) 
 +      * multiple scenarios, every week demonstration of progress 
 +    * Vulnerability scanners - Nessus, Metasploit...
   * Metrics (owasp top 10)   * Metrics (owasp top 10)
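Review bot: In the added sub-item "Implement personalized testing scenarios inside given framework (he Web Application Hacker's Handbook scenarios)" the book title has lost its first letter and should read "The Web Application Hacker's Handbook". The next added line files Metasploit under "Vulnerability scanners" alongside Nessus; Metasploit is primarily an exploitation framework, so either widen the bullet's label or list it separately, otherwise a thesis comparing "scanners" ends up comparing unlike tools. The Coverity item also drops the "Miro" prefix; if that named the owner of the task, keep the assignment somewhere on the page.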
    
Line 133: Line 137:
     * TRY     * TRY
   * [2014] OWASP OWTF, the Offensive (Web) Testing Framework https://www.owasp.org/index.php/OWASP_OWTF    * [2014] OWASP OWTF, the Offensive (Web) Testing Framework https://www.owasp.org/index.php/OWASP_OWTF 
 +  * [2014] XSS detection toolkit https://www.owasp.org/index.php/OWASP_Xenotix_XSS_Exploit_Framework
 +    * TRY
 +  * [2014] OWASP ZED Attack Proxy Project https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project
 +    * TRY
 +  * [2014] OSAFT https://www.owasp.org/index.php/O-Saft
 +    * ssl testing and auditing tool
 +    * tool to show informations about SSL certificate and tests the SSL connection according given list of ciphers and various SSL configurations
 +    * try
  
 ==== Vulnerable app / distro / hackme challenges ==== ==== Vulnerable app / distro / hackme challenges ====
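Review bot: The three entries added to the OWASP tools list are not labelled the way their links are: "XSS detection toolkit" points at OWASP_Xenotix_XSS_Exploit_Framework, "OSAFT" at O-Saft, and "ZED" is spelled "Zed" in the project URL. Use the project names so the entries can be found by search, and keep the marker casing consistent ("try" on the O-Saft entry, "TRY" on the others). The O-Saft description also needs a grammar pass: "informations" should be "information" and "according given list of ciphers" should be "according to a given list of ciphers".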
Line 149: Line 161:
     * vulnerable app, challenges     * vulnerable app, challenges
     * TRY     * TRY
 +  * [2013] OWASP Security Shepherd https://www.owasp.org/index.php/OWASP_Security_Shepherd
 +    * TRY
 +    * security teaching application, CTF
  
 ==== Security-supporting library ==== ==== Security-supporting library ====
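Review bot: In the relocated Security Shepherd entry the "TRY" marker comes before the description, while the entry directly above it in this section puts the description ("vulnerable app, challenges") first and "TRY" second. Swap the two sub-items so the section reads consistently and the status markers line up when scanning the list.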
Line 169: Line 184:
  
  
-  * [2013] OWASP Security Shepherd https://www.owasp.org/index.php/OWASP_Security_Shepherd 
-    * TRY 
-    * security teaching application, CTF 
-  * [2014] XSS detection toolkit https://www.owasp.org/index.php/OWASP_Xenotix_XSS_Exploit_Framework 
-    * TRY 
-  * [2014] OWASP ZED Attack Proxy Project https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project 
-    * TRY 
-  * [2014] OSAFT https://www.owasp.org/index.php/O-Saft 
-    * ssl testing and auditing tool 
-    * tool to show informations about SSL certificate and tests the SSL connection according given list of ciphers and various SSL configurations 
-    * try