Training (2 days): Hands-on Auditing of the OWASP Application Security Verification Standard

Presented at AppSec USA 2015, Sept. 23, 2015, 3:30 p.m. (90 minutes)

Note: This is a two-day course from Tues 2015-09-22 - Wed 2015-09-23.

The OWASP Application Verification Standard provides great guidelines which help us develop secure applications. However, nobody is perfect. How do we audit to ensure we are following these standards consistently? This hands-on training provides examples of how to audit our web-based applications for adherence to the OWASP ASVS using the Burp Suite interception proxy and a few other free tools. Learn how to use Burp Suite and how to ensure applications comply with written standards.

All testing will be against targets included on the Samurai WTF distribution, which will allow students to follow along with the demonstrations and participate in the hands-on labs. Hands-on labs include auditing horizontal and vertical brute-force controls, XSS and BeEF, CSRF by example, exploiting insecure direct object references, and many more.

Who Should Take This Course?

This course is designed for application security professionals, security auditors, quality assurance engineers, and software developers.

What Should Students Bring?

Samurai WTF

Presenters:

  • David Hazar - Product Development Security Lead - Oracle Service Cloud
    I am all about application security and the need to better secure our applications by not only identifying issues, but training developers to understand these issues and write more secure code. QA engineers also need to understand these issues so they can write meaningful test cases. Don't forget to sign up for my two-day training "Hands-on Auditing of the OWASP Application Security Verification Standard"!
