OWASP Devs

Overview

OWASP (Open Web Application Security Project) is a global, industry-standard framework for developing and producing secure web applications. The OWASP framework includes both high-level content (such as its annual report on the top 10 web vulnerabilities) and low-level tools that developers can use to automatically evaluate the security of their apps against known vulnerabilities.

Objectives

Course Completion

  • Assess the security of web applications using best-practice OWASP tools
  • Explain the details of common exploits and assess whether systems are exposed to them or not
  • Understand a development process for creating secure web applications

Tools

  • Zed Attack Proxy (web app vulnerability scanner)
  • Web Testing Environment Project
  • Offensive Web Testing Framework
  • Dependency check

Code

  • ModSecurity Core Rule Set Project

Documentation

  • Top Ten Project
  • Testing Guide project
  • Includes a high-level discussion of other, less mature OWASP tools