Web Application Security - owasp top 10 vulnerabilities - Shan Jun Ng - FOSSASIA Summit 2017

Published on: Sunday, 19 March 2017

Speaker(s): Shan Jun Ng (Singapore)

Securing you web application - (testing and Verification)introduction:- Functional testing vs Security testing - Security testing tipsStrategy for securing your web application: Secure at the Source-SDLC (secure software development Lifecycle) -introduce Microsoft open framework of secure development lifecycle Testing Methodology- type of tests black, white and grey boxOpen Web Application Security Project (OWASP) is an online community which creates freely-available articles, methodologies, documentation, tools, and technologies in the field of web application security-OWASP ASVS (Application Security and Verification Standard)-3 main parts of OWASP-19 Security requirements Areas for ASVS 3.0:-OWASP Testing GuideProcessRecon -- mapping -- discovery -- exploitationtesting tool e.g.-Nmap & Zenmap-Burpsuite-Cookies Manager+-etc Verifying identified vulnerabilities by attacking and exploiting them•Go after the data or functionality that real attackers would go after•Successful exploitation is a stepping stone and should open up a new round of mapping and discoverymaybe a demo on injection and cross site scripting

(Type: Talk | Track: Security and Privacy | Room: Faraday (Floor 3))

Event Page: http://2017.fossasia.org

Produced by Engineers.SG