Web Application Security Testing Tools
Published in Technology
  • Hi aNhuan Lai-Duc,

    Thanks for your useful presentation.

    Can you share me this slide? If possible, my e-mail is: tuanvu1109@gmail.com

Transcript

  • 1. Software Development Center
      • Web Application Security Testing Tools
      • Created by: Nhuan Lai-Duc
      • Effective date: December 09, 2012
      • Version: 1.0
      • Template ID: Base_Template_ODP_1_0.otp
  • 2. Document Control
      Version | Change description | Changed by | Date | Approved by | Date
      0.1 | Initiate | Nhuan Lai-Duc | November 29, 2012 | N/A | N/A
      1.0 | Format update | Nhuan Lai-Duc | December 09, 2012 | Nhuan Lai-Duc | December 09, 2012
  • 3. Review Record
      Version | Defects | Type | Severity | Reviewed by | Date
      0.1 | Format | W | Minor | Nhuan Lai-Duc | December 09, 2012
      Types:
      • A – Ambiguous (something described unclearly, unintelligibly)
      • M – Missing (something needs to be there but is not)
      • W – Wrong (something is erroneous with something else)
      • E – Extra (something unnecessary is present)
      Severity: Fatal, Major, Minor, Cosmetic
  • 4. Agenda
      • Introduction
      • Top 10 most critical web app security risks
      • OWASP: Open Web App Security Project
      • OWASP Top 10 for 2010
      • Web app security testing tools
      • Use security testing tools to test your web app
      • Security report for your web app
      • Plan to deal with prioritized security issues
      • Open issues
  • 5. Introduction
      • ISO 25010: Software Quality Requirements
      • ISO 25010: 3 Quality Models
          • System / Software Product Quality
          • Data Quality
          • Quality In Use
      • System / Software Product Quality
          • 8 characteristics
          • Broken down to 31 sub-characteristics
      • Security
          • 1 / 8 characteristics
          • 5 sub-characteristics
      • Web app security: Guarantee system / software quality!
  • 6. Top 10 most critical web app security risks
      • OWASP: The Open Web Application Security Project
  • 7. Web Application Security Testing Tools
      • Each tool for each web app security risk
  • 8. Web Application Security Testing Tools
      • Injection: W3AF
      • Cross Site Scripting: ZAP
      • Broken Authentication & Session Management: HackBar
      • Insecure Direct Object References: Burp suite
      • Cross Site Request Forgery: Tamper Data
      • Security Misconfiguration: Watobo
      • Failure to Restrict URL Access: Wikto
      • Insecure Cryptographic Storage: N/A
      • Insufficient Transport Layer Protection: Calomel Add-on
      • Unvalidated Redirects and Forwards: Watcher
  • 9. Web App Security Testing Tool: W3AF
  • 10. Web App Security Testing Tool: ZAP
  • 11. Web App Security Testing Tool: Hackbar
  • 12. Web App Security Testing Tool: Burp Suite
  • 13. Security Testing Tool: Tamper Data
  • 14. Web App Security Testing Tool: Watobo
  • 15. Web App Security Testing Tool: Wikto
  • 16. Security Testing Tool: Calomel Add-on
  • 17. Web App Security Testing Tool: Watcher
  • 18. Security Testing Tools: Test Your Web App
      • TBD
  • 19. Security Testing Tools: Security Report For Your Web App
      • TBD
  • 20. Security Testing Tools: Plan: Deal With Prioritized Security Issues
      • TBD
  • 21. Questions & Answers?
  • 22. Thanks for your attention!