This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "Projects/OWASP Zed Attack Proxy Project/Pages/Talks"

From OWASP
Jump to: navigation, search
Line 2: Line 2:
  
  
'''2014 December 21: Skype: [http://weekendtesting.com/archives/3804 Dan Billing: WTEU-52 – Revealing security problems with OWASP ZAP]'''
+
'''2015 February 21: Bangalore, India: [http://www.meetup.com/DotNetBLR/events/219455183/ Marudhamaran Gunasekaran: Practical Security Testing for Developers using OWASP ZAP]'''
  
If you were with us for WTEU-50 in October, you’ll remember that we took an introductory tour through the world of security testing. We analysed several different types of security vulnerability, and manually explored a demo application to see whether it was susceptible to these problems.
+
Every time an application faces the world wide web, it inherently becomes vulnerable to attacks. The attackers could be script kiddies, joyriders, turning from hobbyists to downright hostile. The earlier in the development cycle you find the vulnerabilities, the better they are to fix and test.  
  
On Sunday 21st, we’re taking things to the next level! We’re once again joined again by Dan Billing, who will be showing us how to use specialised (and often free) tools to help us uncover security weaknesses. These tools make it trivial to perform techniques such as fuzzing (automating different types of data injection) and scanning (monitoring application traffic for potential vulnerabilities) as part of your everyday test activities.
+
OWASP ZAP is a free and open source penetration testing tool for finding vulnerabilities in web applications; widely used by security professionals, it is also ideal for anyone new to web application security and includes features specifically aimed at developers.  
  
We’ll be conducting the session via Skype as usual. Dan will be sharing his screen with us for the duration of the session, so that you can follow along with his examples. Logistically, this means we’ll be running the session via a video call, although you won’t necessarily need to speak yourself – we’ll have the standard Skype text chat running alongside.
+
This session shows/demonstrates some attacks against web applications and how OWASP ZAP could be used to find those vulnerabilities, both manually and by automated builds.
 +
 
 +
For more information see http://meetup.com/DotNetBLR and https://www.facebook.com/groups/dotnetbangalore/

Revision as of 15:50, 19 January 2015

Upcoming Talks/Training:


2015 February 21: Bangalore, India: Marudhamaran Gunasekaran: Practical Security Testing for Developers using OWASP ZAP

Every time an application faces the world wide web, it inherently becomes vulnerable to attacks. The attackers could be script kiddies, joyriders, turning from hobbyists to downright hostile. The earlier in the development cycle you find the vulnerabilities, the better they are to fix and test.

OWASP ZAP is a free and open source penetration testing tool for finding vulnerabilities in web applications; widely used by security professionals, it is also ideal for anyone new to web application security and includes features specifically aimed at developers.

This session shows/demonstrates some attacks against web applications and how OWASP ZAP could be used to find those vulnerabilities, both manually and by automated builds.

For more information see http://meetup.com/DotNetBLR and https://www.facebook.com/groups/dotnetbangalore/

Retrieved from "https://wiki.owasp.org/index.php?title=Projects/OWASP_Zed_Attack_Proxy_Project/Pages/Talks&oldid=188244"