From Yogi To Smokey


This is the archive site for materials & information from my OWASP talk at the NH JUG on June 28, 2011.


You can find a PDF of the full presentation here. You will have to either have been at the talk or figure out the seekrit from the presentation itself to copy any materials from it (it’s not a content protection thing, it’s a puzzle).


Below are 95% of the links from the presentation (that’s just a hedge in case I missed one or two).


I want to thank everyone who attended and say a special thank you to Scott, Matt & Ted for risking their reputations and future NH JUG attendance by asking a security guy to give an OWASP talk.


(and, yes, I did use iWeb to make this,
mostly because I’m old and lazy)


Rugged Software Links

  1. http://www.ruggedsoftware.org/
  2. http://www.owasp.org/index.php/Rugged_Software


Threat Modeling Resources

  1. http://msdn.microsoft.com/en-us/library/ff648644.aspx
  2. http://www.microsoft.com/security/sdl/adopt/threatmodeling.aspx
  3. https://www.owasp.org/index.php/Threat_Risk_Modeling
  4. http://www.sans.org/reading_room/whitepapers/securecode/threat-modeling-process-ensure-application-security_1646
  5. http://video.google.com/videoplay?docid=-734106766899160289#


OWASP ESAPI Java

  1. http://code.google.com/p/owasp-esapi-java/


OWASP AntiSamy

  1. http://www.owasp.org/images/e/e9/OWASP-WASCAppSec2007SanJose_AntiSamy.ppt


Vulnerability Scanners

  1. Nessus – http://www.tenable.com/products/nessus
  2. Wapiti – http://wapiti.sourceforge.net/
  3. Nikto 2 – http://www.cirt.net/nikto2
  4. Burp Suite – http://portswigger.net/burp/
  5. $ Retina – http://www.eeye.com/Products/Retina/Web-Security-Scanner.aspx
  6. $ QualysGuard – http://www.qualys.com/products/qg_suite/was/


WAFs

  1. mod_security – http://www.modsecurity.org/
  2. IronBee – https://www.ironbee.com/
  3. $ Hyperguard – http://www.artofdefence.com/en/products/hyperguard.html
  4. $ F5 ASM – http://www.f5.com/products/big-ip/application-security-manager.html.html
  5. $ Imperva – http://www.imperva.com/index.html
  6. WebKnight – http://www.aqtronix.com/?PageID=99


SQLi

  1. sqlmap – http://sqlmap.sourceforge.net/
  2. sqlninja – http://sqlninja.sourceforge.net/
  3. Free & $ Havij – http://itsecteam.com/en/projects/project1.htm


General Tools

  1. nmap – http://nmap.org/
  2. netstat – Win: http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/netstat.mspx?mfr=true
  3. netstat – Other: http://linux.die.net/man/8/netstat


Frameworks

  1. JAAS – http://download.oracle.com/javase/6/docs/technotes/guides/security/jaas/tutorials/index.html (Watch out under load, tho)
  2. Shiro – http://shiro.apache.org/
  3. ESAPI – http://code.google.com/p/owasp-esapi-java/
  4. Spring Security – http://static.springsource.org/spring-security/site/
  5. Hibernate – http://www.hibernate.org/quick-start


Certifications

  1. http://software-security.sans.org/certification
  2. http://www.giac.org/certification/gssp-java


Training

  1. Security Innovation – http://l.rud.is/owasptraining


Practice

  1. Gruyere – http://gruyere.appspot.com/
  2. DVWA – http://sourceforge.net/projects/dvwa/
  3. WackoPicko – https://github.com/adamdoupe/WackoPicko



Tuesday, June 28, 2011
