Copyright © The OWASP Foundation. Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License.

Slide 1: OWASP Lab Projects Overview
Ahmed Saafan, Software Security and Data Protection Consultant
12/4/2014
The OWASP Foundation, http://www.owasp.org

Slide 2: Agenda
- Introduction to OWASP Projects' Process
- Tools Projects Walk-through
- Documentation Projects Walk-through
- Demos

Slide 3: Introduction - What Falls Under OWASP Labs
- Significant-value code committed
- Not production ready
- Can remain in Labs forever
- Tagged inactive after 6 months

Slide 4: Introduction - Benefits of Being a Labs Project
- Promotion support
- Resource priority over Incubator projects
- Travel funding

Slide 5: Introduction - Project Review Process
- Technical committee
- Feedback every 6 months
- Health, quality, usability
- Graduation

Slide 6: Introduction - Types of Projects
- Tools
- Documentation

Slide 7: TOOLS

Slide 8: Projects: Tools - OWASP DoS HTTP POST
- Layer 7 resource depletion attack
- Sends large POSTs slowly
- Only 20k POSTs to crash an 8-core, 16 GB RAM web server
- Demo

Slide 9: Projects: Tools - OWASP EnDe
- Advanced encoding / decoding
- Obfuscation and reversing
- Demo

Slide 10: Projects: Tools - OWASP CSRFTester
- Test for CSRF
- Create CSRF payloads
- Auto-post JS
- Demo

Slide 11: Projects: Tools - YASCA (Yet Another Source Code Auditor!)
- Based on open-source engines: FindBugs, PMD, JLint, JavaScript Lint, PHPLint, Cppcheck, ClamAV, Pixy, FxCop, RATS, etc.
- Covers .NET, Java, Python and PHP
- Good for automation and for finding the low-hanging fruit

Slide 12: Projects: Tools - OWASP Mantra
- A bundle of security-oriented browser extensions
- Based on Chromium
- Demo

Slide 13: Projects: Tools - O2 Platform
- Security reviews and knowledge-base platform
- SDLC workflow support
- Visual Studio integration

Slide 14: Projects: Tools - OWASP Broken Web Applications
- A collection of vulnerable web apps
- Basic, advanced and realistic sections
- VMware image
- Demo

Slide 15: Projects: Tools - OWASP Hackademic Challenges
- Basic web attack challenges
- Sep 2011
- Demo

Slide 16: Projects: Tools - Mutillidae and Vicnum
Mutillidae
- A vulnerable web application
- Covers the OWASP Top 10 flaws
Vicnum
- A vulnerable web application
- Used for games and for educating minors

Slide 17: Projects: Tools - OWASP CTF
- The actual CTF engine used in OWASP events
- Challenge code is not open (obviously!)
- Old, unused challenges are opened up regularly

Slide 18: DOCUMENTATION

Slide 19: Projects: Documentation - OWASP AppSec Tutorial Series
- Video tutorials
- Basic concepts (XSS, SQLi, HSTS...)
- Ongoing effort with lots still to do

Slide 20: Projects: Documentation - OWASP AppSensor
- Conceptual framework and methodology
- Attack detection points and response actions
- Demo

Slide 21: Projects: Documentation - OWASP Legal
- Legal documentation framework
- Security in software contracts
- Terminology and definitions

Slide 22: Projects: Documentation - OWASP Virtual Patching Guide
- Best practices for virtual patching
- Types, definitions and justification

Slide 23: Question
What is the name of the browser extension that analyzes web applications to detect frameworks, plugins and versions?

Slide 24: THANK YOU
Questions?

