This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "OWASP/Training/LAPSE+"

From OWASP
Jump to: navigation, search
 
(3 intermediate revisions by one other user not shown)
Line 2: Line 2:
 
| Module_designation = [[OWASP LAPSE Project|OWASP LAPSE Project]]
 
| Module_designation = [[OWASP LAPSE Project|OWASP LAPSE Project]]
 
| Module_Overview_Goal =
 
| Module_Overview_Goal =
 
+
<b>LAPSE+</b> is based on the static analysis of code to detect the source, intended for Java 1.6 or higher Developers with Eclipse Helios. The goal of the presentation is to teach developers how to install and use the functionality of the LAPSE+ plugin and give users a practical understanding of how it can be used to protect against security vulnerabilities.
To be filled in
 
 
 
 
| Content =  
 
| Content =  
<b>LAPSE+</b> is a security scanner for detecting vulnerabilities of untrusted data injection in Java EE Applications. It has been developed as a plugin for Eclipse Java Development Environment, working specifically with Eclipse Helios and Java 1.6 or higher. There are currently following vulnerabilities detected:
+
<b>LAPSE+</b> is based on the static analysis of code to detect the source, intended for Java 1.6 or higher Developers with Eclipse Helios. The goal of the presentation is to teach developers how to install and use the functionality of the LAPSE+ plugin and give users a practical understanding of how it can be used to protect against security vulnerabilities enumerated below:
 
*URL Tampering
 
*URL Tampering
 
*Cookie Poisoning
 
*Cookie Poisoning
Line 17: Line 15:
 
| Material =  
 
| Material =  
 
&nbsp;
 
&nbsp;
*To be filled in
+
*[https://www.owasp.org/images/c/c8/Code_analysis_lapse.ppt Code Analyses - PPT File]
 
*
 
*
 
&nbsp;
 
&nbsp;

Latest revision as of 09:30, 7 August 2011

MODULE
OWASP LAPSE Project
Overview & Goal
LAPSE+ is based on the static analysis of code to detect the source, intended for Java 1.6 or higher Developers with Eclipse Helios. The goal of the presentation is to teach developers how to install and use the functionality of the LAPSE+ plugin and give users a practical understanding of how it can be used to protect against security vulnerabilities.
Contents Materials
LAPSE+ is based on the static analysis of code to detect the source, intended for Java 1.6 or higher Developers with Eclipse Helios. The goal of the presentation is to teach developers how to install and use the functionality of the LAPSE+ plugin and give users a practical understanding of how it can be used to protect against security vulnerabilities enumerated below:
  • URL Tampering
  • Cookie Poisoning
  • Parameter Tampering
  • Header Manipulation
  • Cross-site Scripting (XSS)
  • HTTP Response Splitting
  • Injections (SQL, Command, XPath, XML, LDAP)
  • Path Traversal
 

 

Retrieved from "https://wiki.owasp.org/index.php?title=OWASP/Training/LAPSE%2B&oldid=115113"