Difference between revisions of "Cooking with OWASP: Recipes in Web Security Testing"
(New page: ==The Presentation: "Cooking with OWASP: Recipes in Web Security Testing"== Many of the OWASP projects are tools that you can use to test web applications directly., but not just from a s...) |
|||
Line 2: | Line 2: | ||
Many of the OWASP projects are tools that you can use to test web applications directly., but not just from a security assessor’s point of view. Software testers need to be able to work security testing into their day-to-day testing regimen. In this talk, Paco will show you a few recipes from his recently released “Web Security Testing Cookbook” that feature OWASP tools. You’ll see how to cheat at some Facebook games by decoding their data with CAL9000, how to assess session ID strength using WebScarab, and how to fuzz web services with wsFuzzer. This talk is all about how to get some actionable hands-on results from some outstanding OWASP tools. | Many of the OWASP projects are tools that you can use to test web applications directly., but not just from a security assessor’s point of view. Software testers need to be able to work security testing into their day-to-day testing regimen. In this talk, Paco will show you a few recipes from his recently released “Web Security Testing Cookbook” that feature OWASP tools. You’ll see how to cheat at some Facebook games by decoding their data with CAL9000, how to assess session ID strength using WebScarab, and how to fuzz web services with wsFuzzer. This talk is all about how to get some actionable hands-on results from some outstanding OWASP tools. | ||
+ | |||
+ | Download: [[Media:CookingWithOWASP-opt.pdf| Cooking With OWASP.pdf]] | ||
==The Speaker: Paco Hope== | ==The Speaker: Paco Hope== |
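Review bot: the unchanged paragraph at Line 2 still reads "directly., but", so the stray period before the comma could be dropped in this same revision. In the added Download line, the link label carries a leading space after the pipe ("| Cooking With OWASP.pdf"), which can be trimmed.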
Latest revision as of 15:53, 13 March 2009
The Presentation: "Cooking with OWASP: Recipes in Web Security Testing"
Many of the OWASP projects are tools that you can use to test web applications directly, but not just from a security assessor’s point of view. Software testers need to be able to work security testing into their day-to-day testing regimen. In this talk, Paco will show you a few recipes from his recently released “Web Security Testing Cookbook” that feature OWASP tools. You’ll see how to cheat at some Facebook games by decoding their data with CAL9000, how to assess session ID strength using WebScarab, and how to fuzz web services with wsFuzzer. This talk is all about how to get some actionable hands-on results from some outstanding OWASP tools.
Download: Cooking With OWASP.pdf
The Speaker: Paco Hope
Paco Hope is a Technical Manager with Cigital, Inc. and has 12 years of experience in the security of web applications, operating systems, and embedded devices (lottery systems, cell phones, casino gaming devices, smart cards). As a consultant, his customers include MasterCard International, WMS Gaming, GTECH, FINRA (the US securities exchange regulator) and Sterling Commerce (an AT&T Company). He is a frequent speaker on security testing and web application security. His current passion is bringing the techniques of security assessment into the mainstream activities of QA departments and testers. He is co-author of two security books and is also a prior co-chair of VERIFY, an international conference on software testing.