OWASP Site Generator Refresh


OWASP Site Generator Refresh towards Application Security Tool Benchmarking Environment by Dmitry Kozlov

Project goal
To evolve OWASP Site Generator (OSG) into a benchmarking environment for web application scanners. The tool should generate the source code of a working web application from a number of inputs, such as the number of pages, the types of pages, functions, security controls, and backend systems. It should also allow the types and number of vulnerabilities to embed in the application to be specified.

Objectives
Site Generator improvements:
- Enable OSG to build a working application instead of the existing dynamic stub approach.
- Enable OSG to generate web applications with different backends: ASP, Java, etc.
- Improve the OSG GUI.
- Enable the generated web application to log all requests it receives.
- Create a backend-independent library of web application building blocks: navigation elements and vulnerabilities.

Project contribution
New OSG v2: generates source code for the application and has a new GUI. Ability to generate .NET and JSP web applications. Library of vulnerabilities based on NIST and the old OSG; library of navigational elements.
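The objectives and contribution above (a working generated application, several backends, request logging, and a backend-independent block library with embedded vulnerabilities) map onto a small spec-driven generator. The Python sketch below is an added illustration and is not OSG code. It assumes a dictionary spec listing pages and a backend, a block library holding a safe and a vulnerable variant of each block per backend (the vulnerable variant here is an unencoded reflection of a request parameter, labelled reflected_xss), a request-logging servlet filter emitted for the JSP backend, and a ground-truth manifest written alongside the pages so that scanner findings can be scored against what was actually embedded. All function names, the spec format and the sample spec are constructed for this example.

```python
# Hypothetical spec-driven site generator in the spirit of OSG v2 (added example, not OSG code).
# The block library, spec format and vulnerability labels are constructed for illustration.
import json

# Backend-independent building-block library: block -> backend -> variant -> template.
# "{name}" is substituted with the page name; everything else is emitted verbatim.
BLOCKS = {
    "nav": {
        "jsp":  {"safe": '<a href="{name}.jsp">{name}</a>'},
        "aspx": {"safe": '<a href="{name}.aspx">{name}</a>'},
    },
    "echo_param": {  # reflects request parameter "q" into the page
        "jsp": {
            "safe": '<%@ page import="org.owasp.encoder.Encode" %>'
                    '<p>You searched: <%= Encode.forHtml(request.getParameter("q")) %></p>',
            "vulnerable": '<p>You searched: <%= request.getParameter("q") %></p>',
        },
        "aspx": {
            "safe": '<p>You searched: <%= Server.HtmlEncode(Request["q"]) %></p>',
            "vulnerable": '<p>You searched: <%= Request["q"] %></p>',
        },
    },
}

# Vulnerability classes a spec may ask for, mapped to the block that carries them.
VULN_TO_BLOCK = {"reflected_xss": "echo_param"}

# Request-logging filter emitted for the JSP backend: logs method, URI and query string
# of every request before handing it on (fulfils the "log all requests" objective).
JSP_LOG_FILTER = """import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import java.io.IOException;

public class RequestLogFilter implements Filter {
    public void init(FilterConfig cfg) {}
    public void destroy() {}
    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest r = (HttpServletRequest) rq;
        String qs = r.getQueryString();
        System.out.println(r.getMethod() + " " + r.getRequestURI() + (qs == null ? "" : "?" + qs));
        chain.doFilter(rq, rs);
    }
}
"""

# Constructed sample spec: one plain page, one page with an embedded vulnerability,
# and one page using the safe variant of the same block (a finding there is a false positive).
SAMPLE_SPEC = {
    "backend": "jsp",
    "pages": [
        {"name": "index"},
        {"name": "search", "vulns": ["reflected_xss"]},
        {"name": "about", "blocks": ["echo_param"]},
    ],
}


def generate(spec):
    """Return {filename: source} for the spec, including a ground-truth manifest.json."""
    backend = spec["backend"]
    ext = {"jsp": "jsp", "aspx": "aspx"}[backend]
    files, manifest = {}, []
    # Navigation bar linking every page, built from the backend's nav block.
    nav = " | ".join(BLOCKS["nav"][backend]["safe"].format(name=p["name"]) for p in spec["pages"])
    for page in spec["pages"]:
        parts = [nav]
        for vuln in page.get("vulns", []):  # requested vulnerabilities -> vulnerable variant
            block = VULN_TO_BLOCK[vuln]
            parts.append(BLOCKS[block][backend]["vulnerable"].format(name=page["name"]))
            manifest.append({"page": f'{page["name"]}.{ext}', "vuln": vuln, "parameter": "q"})
        for block in page.get("blocks", []):  # explicitly requested blocks -> safe variant
            parts.append(BLOCKS[block][backend]["safe"].format(name=page["name"]))
        files[f'{page["name"]}.{ext}'] = "\n".join(parts) + "\n"
    if backend == "jsp":
        files["RequestLogFilter.java"] = JSP_LOG_FILTER
    files["manifest.json"] = json.dumps(manifest, indent=2)
    return files


def manifest_of(files):
    """Parse the ground-truth manifest back out of a generated file set."""
    return json.loads(files["manifest.json"])


def score(reported, manifest):
    """Compare scanner findings, given as (page, vuln) pairs, against the embedded ground truth."""
    truth = {(m["page"], m["vuln"]) for m in manifest}
    found = set(reported)
    return {
        "true_positives": len(truth & found),
        "false_positives": len(found - truth),
        "false_negatives": len(truth - found),
    }
```

The manifest is what turns a generated site into a benchmark: because the generator knows exactly which page received the vulnerable variant and on which parameter, a scanner's report can be scored for true positives, false positives (the safe about page) and misses, independently of the backend that was emitted.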

Status and Future Steps
Alpha; problems with reviewers; unfinished.
Unfinished:
- Testing and documenting
- Design of generated sites
Future work:
- Site "logic": interconnected building blocks, for example to perform second-order injections
- More interesting site templates