Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

The ABCs of Source-Assisted Web Application Penetration Testing

OWASP Foundation via YouTube

Overview

Save Big on Coursera Plus. 7,000+ courses at $160 off. Limited Time Only!
Explore the fundamentals of source-assisted web application penetration testing in this 45-minute conference talk from AppSecEU 2016 in Rome. Learn why utilizing source code is crucial, understand the concept of Hybrid Analysis Mapping, and discover the differences between Dynamic and Static Application Security Testing. Delve into vulnerability taxonomy, static and dynamic locations, and endpoint databases. Gain insights into plugin installation, attack surface enumeration, and handling false positives. Examine practical examples, including Android applications, debug parameters, and MVC configurations. Conclude with an overview of data flow analysis to enhance your web application security testing skills.

Syllabus

Introduction
Agenda
Why use source code
Hybrid Analysis Mapping
Initial Goal
Dynamic Application Security Testing
Static Application Security Testing
Vulnerability Taxonomy
Static and Dynamic Locations
Endpoint Database
Dynamic Results
Plugin Overview
Plugin Installation
Attack Surface Enumeration
False Positives
Example
Supported Technologies
Android Applications
Debug Parameters
MVC Model Configuration
MVC Example
Questions
Data Flow Analysis

Taught by

OWASP Foundation

Reviews

Start your review of The ABCs of Source-Assisted Web Application Penetration Testing

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.