OWASP 18

OWASP AJAX Crawling Tool (update) Enumerating AJAX Applications with ACT (AJAX Crawling Tool) This demo shows how the AJAX Crawling Tool can be used in conjunction with your favorite proxy to fully enumerate and test AJAX applications. The purpose of the video is to: 1) Demonstrate how traditional spidering tools do not enumerate entire applications 2) How to run a basic ACT session and attacking its findings using a proxy Source .. 2012. 1. 6.
OWASP Broken Web Applications Project 0.94 released Our first post regarding OWASPBWA or the OWASP Broken Web Applications Project can be found here. About two months ago, an updated version – OWASPBWA version 0.94 was released! “Open Web Application Security Project (OWASP) Broken Web Applications Project, a collection of vulnerable web applications that is distributed on a Virtual Machine in VMware format compatible with their no-cost VMware Pl.. 2011. 9. 7.
OWASP Top 10 2010 demonstration videos OWASP Top 10 2010: A1 - Injection OWASP Top 10 2010: A2 - Cross Site Scripting OWASP Top 10 2010: A3 - Broken Authentication and Session Management OWASP Top 10 2010: A4 - Insecure Direct Object References OWASP Top 10 2010: A5 - Cross-Site Request Forgery (CSRF) OWASP Top 10 2010: A6 - Security Misconfiguration OWASP Top 10 2010: A7 - Insecure Cryptographic Storage OWASP Top 10 2010: A8 - Failu.. 2011. 2. 8.
OWASP Zed Attack Proxy Project The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerab.. 2011. 1. 13.
Automated vs. Manual Security Automated vs. Manual Security: You can't filter "The Stupid" http://blip.tv/play/AYHwpGEC 2010. 9. 6.