YoVDO

The ABCs of Source-Assisted Web Application Penetration Testing

Offered By: OWASP Foundation via YouTube

Tags

Web Application Security Courses
Android Security Courses
Source Code Analysis Courses

Course Description

Overview

Explore the fundamentals of source-assisted web application penetration testing in this 45-minute conference talk from AppSecEU 2016 in Rome. Learn why utilizing source code is crucial, understand the concept of Hybrid Analysis Mapping, and discover the differences between Dynamic and Static Application Security Testing. Delve into vulnerability taxonomy, static and dynamic locations, and endpoint databases. Gain insights into plugin installation, attack surface enumeration, and handling false positives. Examine practical examples, including Android applications, debug parameters, and MVC configurations. Conclude with an overview of data flow analysis to enhance your web application security testing skills.

Syllabus

Introduction
Agenda
Why use source code
Hybrid Analysis Mapping
Initial Goal
Dynamic Application Security Testing
Static Application Security Testing
Vulnerability Taxonomy
Static and Dynamic Locations
Endpoint Database
Dynamic Results
Plugin Overview
Plugin Installation
Attack Surface Enumeration
False Positives
Example
Supported Technologies
Android Applications
Debug Parameters
MVC Model Configuration
MVC Example
Questions
Data Flow Analysis


Taught by

OWASP Foundation

Related Courses

Authentication & Authorization: OAuth
Udacity
Desarrollo de Aplicaciones Web: Seguridad
University of New Mexico via Coursera
Web Application Development: Security
University of New Mexico via Coursera
Hacking and Patching
University of Colorado System via Coursera
Fundamentals of Computer Network Security
University of Colorado System via Coursera