Overview
Explore app security testing and secure development lifecycle practices in this 58-minute conference talk. Learn about integrating security into the development process, production testing techniques, and essential hacking tools. Discover four key steps in security testing: reconnaissance, mapping, vulnerability assessment, and exploitation. Gain insights into active web scanners, GUI tools, and command-line utilities like Skipfish. Examine proxy-based tools such as Burp Suite, OWASP ZAP, and Fiddler for in-depth web application testing. Acquire practical knowledge on using SQL maps and implementing a comprehensive web test framework to enhance your application security skills.
Syllabus
Intro
About James Jardine
Agenda
Development Life Cycle
Integrating Security
Production Testing
Hacking Tools
Open Source Tools
Four Steps
Reconnaissance
Mapping
Vulnerability Assessment
Vulnerability Exploitation
Active Web Scanners
GUI Overview
GUI Run
Scripting
Skipfish
Skipfish Findings
Skipfish Command Line
Dictionary Mode
HTML Report
Wrap Proxy
Scan Proxy
Report
Burp
Site Map
Scanner
OAuthZ
Attack Proxy
HTML Reports
Fiddler
Watcher
Web Test Framework
Samurai
SQL Maps
Practice
Wrap Up
Questions