The proliferation of web-based applications has increased the enterprise's exposure to a variety of threats. There are overarching steps that can and should be taken at various stages of the application's lifecycle to prevent or mitigate these threats, such as implementing secure design and coding practices, performing source code audits, and maintaining proper audit trails to detect unauthorized use. This workshop will enable students to test the security of web-based applications from the perspective of the end user. Security testing helps to fulfill industry best practices and validate implementation. It is especially useful because it can be done at various phases within the application's lifecycle (e.g., during development), or when source code is not available for review. The most common threats and their potential impact will be covered (based on the industry-standard OWASP "Top Ten"; see http://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project). Hands-on labs and demonstrations will be used to teach the tools and techniques needed to remotely detect and validate the presence of these threats.