2013. 1. 4. 18:47

Web Vulnerabilities: OWASP Top 10 2013

Web application security risk architecture

OWASP Top 10 2013 RC1 released

Item-by-item comparison of the 2010 and 2013 lists

2010 (Korean)


2013 (RC1)


2012. 4. 5. 19:44

OWASP released the iGoat Project, an iOS Security Framework for Education

iGoat is a learning tool for iOS developers (iPhone, iPad, etc.). It was inspired by the WebGoat project, and has a similar conceptual flow to it.

As such, iGoat is a safe environment where iOS developers can learn about the major security pitfalls they face, as well as how to avoid them. It is made up of a series of lessons, each of which teaches a single (but vital) security lesson.

The lessons are laid out in the following steps:

1 – Brief introduction to the problem.

2 – Verify the problem by exploiting it.

3 – Brief description of available remediations to the problem.

4 – Fix the problem by correcting and rebuilding the iGoat program.

Step 4 is optional, but highly recommended for all iOS developers. Assistance is available within iGoat if you don’t know how to fix a specific problem.

iGoat is free software, released under the GPLv3 license.


iGoat has been designed and built to be a foundation on which to build a series of iOS security lessons. The initial iGoat release will include a handful of lessons to work through, but one of the aims of the project is to build a community of developers to help build out additional lessons over time — much as WebGoat has before it.

Interested contributors are encouraged to contact the project leader (Ken van Wyk, ken@krvw.com) to find out how they can contribute to future releases of iGoat.

Source: http://code.google.com/p/owasp-igoat/

2012. 1. 6. 18:44

OWASP AJAX Crawling Tool (update)

Enumerating AJAX Applications with ACT (AJAX Crawling Tool)

This demo shows how the AJAX Crawling Tool can be used in conjunction with your favorite proxy to fully enumerate and test AJAX applications. The purpose of the video is to:

1) Demonstrate how traditional spidering tools do not enumerate entire applications
2) Show how to run a basic ACT session and test its findings using a proxy

Source: owasp.org

