OWASP Romania Chapter

Similar documents
Notes From The field

Certified Secure Web Application Engineer

CSWAE Certified Secure Web Application Engineer

Feb 28, :01-02:30 Welcome note & Introduction to OWASP : Somen Das, OWASP BBSR Chapter Lead

Application Security for the Masses. OWASP Greek Chapter Meeting 16/3/2011. The OWASP Foundation

Open Web Application Security Project

OWASP Top 10 The Ten Most Critical Web Application Security Risks

Web Application Penetration Testing

N different strategies to automate OWASP ZAP

Getting Ready. I have copies on flash drives Uncompress the VM. Mandiant Corporation. All rights reserved.

Aguascalientes Local Chapter. Kickoff

OWASP ROI: OWASP Austin Chapter. The OWASP Foundation Optimize Security Spending using OWASP

Where we are.. Where we are going!

Developing Secure Applications with OWASP OWASP. The OWASP Foundation Martin Knobloch

Application. Security. on line training. Academy. by Appsec Labs

OWASP ESAPI SwingSet. OWASP 26 April Fabio Cerullo Ireland Chapter Leader Global Education Committee

CIS 700/002 : Special Topics : OWASP ZED (ZAP)

OWASP CISO Survey Report 2015 Tactical Insights for Managers

Introduction to Ethical Hacking

ZAP Innovations. OWASP Zed Attack Proxy. Simon Bennetts. OWASP AppSec EU Hamburg The OWASP Foundation

Security Testing. John Slankas

Andrew van der Stock OWASP Foundation

Ethical Hacking as a Professional Penetration Testing Technique ISSA Southern Tier & Rochester Chapters

In collaborazione con

Advanced Ethical Hacking & Penetration Testing. Ethical Hacking

OWASP Review. Amherst Security Group June 14, 2017 Robert Hurlbut.

TRAINING CURRICULUM 2017 Q2

OWASP InfoSec Romania 2013

OWASP Stammtisch #37 Frankfurt,

Welcome to OWASP Bay Area Application Security Summit July 23rd, OWASP July 23 rd, The OWASP Foundation

How to hack and secure your Java web applications

Welcome to the OWASP TOP 10

Mobile Malfeasance. Exploring Dangerous Mobile Code. Jason Haddix, Director of Penetration Testing

BLACK HAT USA 2013 ADD A CLASS REQUEST FORM INSTRUCTIONS

C1: Define Security Requirements

"Charting the Course to Your Success!" Securing.Net Web Applications Lifecycle Course Summary

Introduction to OWASP WebGoat and OWTF. by Pawel Rzepa

Students should have an understanding and a working knowledge in the following topics, or attend these courses as a pre-requisite:

WebGoat Lab session overview

Application security : going quicker

OWASP London Chapter Meeting 27th July 2017

Tobias Gondrom (OWASP Member)

V Conference on Application Security and Modern Technologies

RiskSense Attack Surface Validation for Web Applications

OWASP - SAMM. OWASP 12 March The OWASP Foundation Matt Bartoldus Gotham Digital Science

Web Application Security. Kitisak Jirawannakool Electronics Government Agency (Public Organization)

Penetration Testing. James Walden Northern Kentucky University

Solutions Business Manager Web Application Security Assessment

A Model-Driven Penetration Test Framework for Web Applications

Tools For Vulnerability Scanning and Penetration Testing

Overview of Web Application Security and Setup

Web Applications Penetration Testing

WebGoat& WebScarab. What is computer security for $1000 Alex?

Provide you with a quick introduction to web application security Increase you awareness and knowledge of security in general Show you that any

OWASP London Chapter Meeting 18th May 2017

Security Course. WebGoat Lab sessions

Hacking Our Way to Better Security: Lessons from a Web Application Penetration Test. Tyler Rasmussen Mercer Engineer Research Center

OWASP Broken Web Application Project. When Bad Web Apps are Good

Ethical Hacker Foundation and Security Analysts Course Semester 2

Application Security Approach

Hacker Academy Ltd COURSES CATALOGUE. Hacker Academy Ltd. LONDON UK

Presentation Overview

Web 2.0 and AJAX Security. OWASP Montgomery. August 21 st, 2007

SECURITY TRENDS & VULNERABILITIES REVIEW WEB APPLICATIONS

SDLC Maturity Models

SECURITY TESTING. Towards a safer web world

hidden vulnerabilities

(System) Integrity attacks System Abuse, Malicious File upload, SQL Injection

Protect Your Application with Secure Coding Practices. Barrie Dempster & Jason Foy JAM306 February 6, 2013

Sichere Software vom Java-Entwickler

Training on CREST Practitioner Security Analyst (CPSA)

OWASP Top David Caissy OWASP Los Angeles Chapter July 2017

SensePost Training Overview 2011/2012

Kenna Platform Security. A technical overview of the comprehensive security measures Kenna uses to protect your data

Hacking by Numbers OWASP. The OWASP Foundation

Under the hood testing - Code Reviews - - Harshvardhan Parmar

OWASP Thailand. Proxy Caches and Web Application Security. OWASP AppSec Asia October 21, Using the Recent Google Docs 0-Day as an Example

OWASP Application Security Verification Standard (ASVS) Web Application Edition OWASP 03/09. The OWASP Foundation

Students should have an understanding and a working knowledge in the following topics, or attend these courses as a pre-requisite:

Testing from the Cloud: Is the sky falling?

Project Leader Workshop

Web Application Security GVSAGE Theater

Logic Vulnerabilities in ecommerce Web Applications

Security Testing. - a requirement for a secure business. ISACA DAY in SOFIA. Gabriel Mihai Tanase, Director, Cyber Services KPMG in CEE

Bank Infrastructure - Video - 1

Application Security Training Program

Computer Information Systems (CIS) CIS 105 Current Operating Systems/Security CIS 101 Introduction to Computers

CATALOG 2017/2018 BINUS UNIVERSITY. Cyber Security. Introduction. Vision. Mission

Brochure. Security. Fortify on Demand Dynamic Application Security Testing

OWASP Application Security Building and Breaking Applications

Tiger Scheme SST Standards Web Applications

The Need for Confluence

Non conventional attacks Some things your security scanner won t find OWASP 23/05/2011. The OWASP Foundation.

Automated Web Foo or FUD? OWASP Day. The OWASP Foundation David Kierznowski IT Security Analyst

UC Secure Software Development Standard

Development*Process*for*Secure* So2ware

The PKI Lie. The OWASP Foundation Attacking Certificate Based Authentication. OWASP & WASC AppSec 2007 Conference

Computer Information Systems (CIS) CIS 105 Current Operating Systems/Security CIS 101 Introduction to Computers

AURA ACADEMY Training With Expertised Faculty Call Us On For Free Demo

Architecture-Driven Penetration Testing against an Identity Access Management (IAM) System

Transcription:

OWASP EU Tour Bucharest 2013 The OWASP Foundation http://www.owasp.org OWASP Romania Chapter Chirita Ionel Application Security Analyst @ EA Romania Chapter Board Member chirita.ionel@gmail.com Copyright The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License.

Romanian Chapter - Europe Tour 2013 - Agenda Penetration Testing - a way for improving our cyber security Android reverse engineering: understanding third-party applications The Trouble with Passwords Hacking the ViewState in ASP.NET Do you "GRANT ALL PRIVILEGES..." in MySQL/MariaDB/Percona Server? 2

Who / What is OWASP? The Open Web Application Security Project 3

OWASP!n Numbers 190 + local chapters Over 30K mailing list users 12 & counting years of service 55+ paid Corporate Members 2000 individual members from 70 countries 53+ Academic Supporters 88+ Government & industry citation 4 Global AppSec Conferences per Year 4

OWASP!n Numbers More than monthly unique visitors & page views. 5

OWASP!n Numbers 6

OWASP!n Numbers 7

OWASP s Core Values: We are 8

OWASP s Core Values: is our thinking 9

OWASP s Core Values: We support 10

OWASP s Core Values: is our creed 11

Founded in 2011 by Claudiu Constantinescu 3 meeting organized yet, more to come OWASP Romania Chapter v2.0 December 2012 We are ~ 100 people on mailing list 40 member on linked in group, not yet a member Join Now! 12

OWASP Projects are distributed in 3 categories Protect Documents & Tools used to prevent design and implementation flaws. Detect Documents & tools created to identify design and implementation flaws. Lifecycle tools and documents that can be used to add security-related activities into the Software Development Life Cycle (SDLC). http://www.owasp.org/index.php/category:owasp_project 13

OWASP Projects Protect: Detect: Life Cycle: ESAPI ModSecurity Security guides Appsec Tutorials Secure Coding Practices Webscarab Zed Attack Proxy JBroFuzz Code review guide Cheat Sheet Series Live CD SAMM WebGoat Legal Project 14

OWASP Top 10 http://www.owasp.org/index.php/top_10 15

OWASP Top 10 Risk Rating Methodology To determine the risk to your organization, you can evaluate the likelihood associated with each threat agent, attack vector, and security weakness, when they rich boiling point add technical and business impact flavor taking in consideration your organization. 16

OWASP Code Review Guide Most effective technique for identifying security flaws. Focuses on the mechanics of reviewing code for certain vulnerabilities. A key enabler for the OWASP fight against software insecurity. v2 January 2014 https://www.owasp.org/index.php/category:owasp_code_review_project 17

OWASP Testing Guide Web application penetration test framework. what, why, when, where, and how of test an web application More than a checklist v4 in progress. https://www.owasp.org/index.php/owasp_testing_project 18

OWASP Cheat Sheet Series https://www.owasp.org/index.php/cheat_sheets 19

OWASP Zed Attack Proxy (ZAP) ZAP Proxy is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. Flagship OWASP Project Cross platform tool Features: Intercepting proxy Port scanner Brute force tool Spider Fuzzer Automatic & passive scanner 20

OWASP WebGoat Java Project Deliberately vulnerable J2EE web application Guide for secure programming Realistic teaching environment More than 30 hands on lessons including: XSS Access control SQLi Hidden form manipulation Weak session cookies + many more. 21

Webscarab Java based framework used for analyzing web applications and web services that communicate over http & https https://www.owasp.org/index.php/category:owasp_webscarab_project 22

This is a part of what OWASP offers 23

What about you? OPEN our door, join as a member Innovate and participate in an OWASP project Attend GLOBAL OWASP AppSec series conference Act with INTEGRITY 24

What next? Consider Donating Attending local chapter regular meeting Contributing to an OWASP project Developers, beta testers, etc. Attend on Europe OWASP AppSec series Conference 25

Affiliation and Membership Categories of Membership and Supporters: Individual Supporters Single Meeting Supporter Event Sponsorship Organization Supporters Accredited University Supporters 26

Benefits? Ethics and principals of OWASP Foundation Underscore your awareness of web application software security Attend OWASP conferences at a discount Expand your personal network of contacts Support a local chapter of your choice Get your @owasp.org email address Have individual vote in elections https://owasp.org/index.php/membership 27

OWASP Romania

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback