Testing your web apps for exploits

 

Overview


Security is a fundamental part of web development, software development and cloud services within an organisation. But often devs, managers and other staff with responsibility don't have the tools or knowledge to take a formal, structured approach to minimising risk.

 

Objectives

  • Have developed a working knowledge of frameworks (such as OWASP)

  • Have developed hands-on familiarity with several security assessment tools (specifically ZAP and OWTF)

  • Understand what is required for an application to meet Application Security Verification Standards

  • Understand the principles and value of intrusion detection systems and dependency checking

  • Understand security assessment management tools such as the developer guide, code guidelines, and static analysis tools

  • Gain awareness of upcoming security projects

  • Have some practical tools and skills you can immediately apply within your organisation

Tools

  • Zed Attack Proxy (web app vulnerability scanner)

  • Offensive Web Testing Framework

  • Web Testing Environment Project

  • Dependency checking

Code

  • ModSecurity Core Rule Set Project

  • CSRFGuard Project

  • AppSensor Project

This is a deeper dive with more hands-on content than the overview course.

We bring you this course in partnership with Auldhouse.