Testing your web apps for exploits

 

Overview


Security is a fundamental part of web development, software development or cloud services within an organisation. But often devs, managers and other staff with responsibility don't have the tools or knowledge to take a formal structured approach to minimising risk.

 

Objectives

  • Have developed a working knowledge of frameworks (such as OWASP)
  • Have developed hands-on familiarity with several security assessment tools (specifically ZAP and OWTF)
  • Understand what is required for an application to meet Application Security Verification Standards
  • Understand the principles and value of intruder detection systems and dependency checking
  • Understand security assessment management tools such as the developer guide, code guidelines, and static analysis tools
  • Gain awareness of upcoming security projects
  • Have some practical tools and skills they can immediately apply within their organisation 

Tools

  • Zed Attack Proxy (web app vulnerability scanner)
  • Offensive Web Testing Framework
  • Web Testing Environment Project
  • Dependency checking

Code

  • ModSecurity Core Rule Set Project
  • CSRFGuard Project
  • AppSensor Project

This is a deeper dive with more hands-on content than the overview course.

We bring you this course in partnership with Auldhouse