James Tsao, OWASP Exco member and Program …
Gary Kung, SCBCD, SCWCD, SCWS, OCP
OWASP Exco member and Program Committee
[email protected]

OWASP
Developer's Viewpoint
Disconcerting and worrying: web apps seem so easy to break!
Fortunately, there are ways to combat the attacks ☺

Developer's Best Friends
Know your HTTP
Become familiar with the methods of exploitation (e.g. come to an OWASP seminar)
Tools to help you debug and test against vulnerabilities
Know Your HTTP
Browser / HTML based apps
WAP / WML based apps
iMode / cHTML based apps
Web Services
WebScarab
OWASP Project
HTTP and HTTPS analyzer (intercepting proxy)
Developer's debug tool, Security Specialist's vulnerability inspection tool
Use it with the right intentions!
http://www.owasp.org/software/webscarab.html
Standalone mode: download the jar and execute it with java -jar
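The point behind "Know Your HTTP" and an intercepting proxy such as WebScarab is that every byte of a request (form fields, hidden fields, cookies, headers) is chosen by the client before the server sees it. The following is an added example, not code from this deck, from WebScarab or from WebGoat: it parses a constructed HTTP/1.1 request the way a proxy would display it, then runs it through a WebGoat-style vulnerable checkout that trusts the posted price and a cookie-held role, and through a hardened version that looks both up server-side. The request, the `CATALOGUE` and `SESSIONS` tables, and all function names are assumptions made for the illustration.

```python
"""Added example (not from the OWASP deck, WebScarab or WebGoat): what an
intercepting proxy lets a client change, and why the server must not trust it.
The request, catalogue and session store below are constructed for this demo."""
from urllib.parse import parse_qs

# Constructed sample: a checkout POST as an intercepting proxy would show it.
# The page set the hidden 'price' field to 1999 (cents); the client rewrote it
# to 1 and added 'role=admin' to the cookie jar before forwarding the request.
TAMPERED_REQUEST = (
    b"POST /checkout HTTP/1.1\r\n"
    b"Host: shop.example\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Cookie: role=admin; sid=s3cr3t-session-id\r\n"
    b"Content-Length: 26\r\n"
    b"\r\n"
    b"sku=WIDGET-1&qty=2&price=1"
)

# Constructed server-side state: the real price list (in cents) and the
# session store that maps a session id to the authenticated user's role.
CATALOGUE = {"WIDGET-1": 1999}
SESSIONS = {"s3cr3t-session-id": {"user": "alice", "role": "customer"}}


def parse_request(raw: bytes) -> dict:
    """Split a raw HTTP/1.1 request into method, target, version, headers and body.
    Header names are lower-cased; the body is cut to the declared Content-Length."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    method, target, version = lines[0].split(" ")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    length = int(headers.get("content-length", "0"))
    return {"method": method, "target": target, "version": version,
            "headers": headers, "body": body[:length]}


def parse_form(body: bytes) -> dict:
    """Decode an application/x-www-form-urlencoded body, first value per name."""
    fields = parse_qs(body.decode("utf-8"), keep_blank_values=True)
    return {name: values[0] for name, values in fields.items()}


def parse_cookies(header_value: str) -> dict:
    """Split a Cookie header ('a=1; b=2') into a name -> value dict."""
    cookies = {}
    for part in header_value.split(";"):
        name, _, value = part.strip().partition("=")
        if name:
            cookies[name] = value
    return cookies


def checkout_trusting_client(req: dict) -> int:
    """Vulnerable: charges whatever 'price' the (hidden) form field carries."""
    form = parse_form(req["body"])
    return int(form["price"]) * int(form["qty"])


def checkout_server_side(req: dict) -> int:
    """Hardened: the price comes from the catalogue, the posted 'price' is
    ignored, and the quantity is range-checked. Raises ValueError otherwise."""
    form = parse_form(req["body"])
    sku = form.get("sku", "")
    if sku not in CATALOGUE:
        raise ValueError("unknown sku")
    qty = int(form.get("qty", "0"))
    if not 1 <= qty <= 100:
        raise ValueError("quantity out of range")
    return CATALOGUE[sku] * qty


def checkout_result(req: dict) -> tuple:
    """Wrap checkout_server_side: ('ok', cents) or ('rejected', reason)."""
    try:
        return ("ok", checkout_server_side(req))
    except ValueError as err:
        return ("rejected", str(err))


def role_trusting_cookie(req: dict) -> str:
    """Vulnerable: believes a 'role' cookie the client can set to anything."""
    return parse_cookies(req["headers"].get("cookie", "")).get("role", "anonymous")


def role_server_side(req: dict) -> str:
    """Hardened: only the opaque session id is taken from the cookie; the role
    is whatever the server recorded for that session at login."""
    sid = parse_cookies(req["headers"].get("cookie", "")).get("sid")
    return SESSIONS.get(sid, {}).get("role", "anonymous")


if __name__ == "__main__":
    req = parse_request(TAMPERED_REQUEST)
    print("vulnerable charge (cents):", checkout_trusting_client(req))
    print("hardened charge (cents):  ", checkout_server_side(req))
    print("vulnerable role:", role_trusting_cookie(req))
    print("hardened role:  ", role_server_side(req))
```

Running it charges 2 cents through the vulnerable handler and 3998 through the hardened one, and the cookie-trusting check grants "admin" while the session lookup returns "customer". The same request edits are exactly what WebScarab's intercept window lets you make against a real application; the point for the developer is that the server-side lookup, not the browser, has to be the source of truth.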
WebGoat
OWASP Project
http://www.owasp.org/software/webgoat.html
Fully featured Java Web Application (Tomcat)
A useful 'toy' for you to learn on and exploit (safe, in that no one will sue you for hacking it ☺)
Tutorial style, lesson by lesson.
Break the Challenge!
[Screenshot] WebGoat from OWASP (www.owasp.org)
Good Design is Worth it!
Good design makes defensive measures easier to build in
Enterprise Developer vs Hobbyist Developer
Apply sound software design patterns
Don't reinvent the wheel: use popular application frameworks!
Don't get distracted by the 'quick & dirty' way to code production apps; it will come back to haunt you (and your bosses).