Overview
Save Big on Coursera Plus. 7,000+ courses at $160 off. Limited Time Only!
Explore the fundamentals of source-assisted web application penetration testing in this 45-minute conference talk from AppSecEU 2016 in Rome. Learn why utilizing source code is crucial, understand the concept of Hybrid Analysis Mapping, and discover the differences between Dynamic and Static Application Security Testing. Delve into vulnerability taxonomy, static and dynamic locations, and endpoint databases. Gain insights into plugin installation, attack surface enumeration, and handling false positives. Examine practical examples, including Android applications, debug parameters, and MVC configurations. Conclude with an overview of data flow analysis to enhance your web application security testing skills.
Syllabus
Introduction
Agenda
Why use source code
Hybrid Analysis Mapping
Initial Goal
Dynamic Application Security Testing
Static Application Security Testing
Vulnerability Taxonomy
Static and Dynamic Locations
Endpoint Database
Dynamic Results
Plugin Overview
Plugin Installation
Attack Surface Enumeration
False Positives
Example
Supported Technologies
Android Applications
Debug Parameters
MVC Model Configuration
MVC Example
Questions
Data Flow Analysis
Taught by
OWASP Foundation