Application Security How To Articles
This category is for articles describing how to perform a specific activity that contributes to application security. For example, "How to test session identifier strength using WebScarab". Articles should be titled with a specific title starting with "How to". Articles can focus in on a specific topic or be an overview article that references lots of smaller steps. Long articles should be broken into a set of smaller steps with an overview article.
The OWASP Guides
There are three different OWASP Guides. They are full of useful information about how to perform application security activities.
- The OWASP Guide to Building Secure Web Applications and Web Services
- The OWASP Guide has hundreds of articles about all the major security issues you'll encounter when designing or building a secure web application or web service.
- The OWASP Testing Guide
- The OWASP Testing Guide has articles specifically about performing security penetration testing on web applications and web services.
- The OWASP Code Review Guide
- The OWASP Code review guide covers all the same vulnerabilities and security mechanisms as the testing guide, but provides guidance on finding the problems in the source code.
OWASP LiveCD Education Project : Spring Of Code 2007
- OWASP - WebScarab Exploiting Input Validation
- Exploiting parameters and input validation from SecurityDistro
- OWASP - LabRat Up and Running on Hard Disk
- Guide to installing OWASP LabRat to your hard disk from SecurityDistro
- OWASP - Running WebGoat in LabRat
- Guide to getting WebGoat up and Running in LabRat from SecurityDistro
- OWASP - WebGoat Introduction to XSS
- Introduction and working examples of XSS using WebGoat in LabRat from SecurityDistro
Other How To Articles
There are some other How To articles listed below. Many are stubs that need to be finished.
This category has the following 2 subcategories, out of 2 total.
- ► OWASP Project (132 C, 419 P)
Pages in category "How To"
The following 32 pages are in this category, out of 32 total.
- How to add a new article
- How to add a security log level in log4j
- How to bootstrap the NIST risk management framework with verification activities
- How to bootstrap your SDLC with verification activities
- How to create verification project schedules
- How to modify proxied conversations
- How to perform a security architecture review at Level 1
- How to perform a security architecture review at Level 2
- How to specify verification requirements in contracts
- How to test session identifier strength with WebScarab
- How to Write an Application Code Review Finding
- How to write insecure code
- How to write verifier job requisitions