OWASP · 2011-10-02 · OWASP The Authors Abraham Kang Achim Hoffmann Chris Schmidt Dave Ferguson...

14
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP Foundation OWASP http://www.owasp.org Pure AppSec, No Fillers or Preservatives OWASP Cheat Sheet Series Michael Coates - Mozilla September, 2011 Tuesday, September 27, 2011

Transcript of OWASP · 2011-10-02 · OWASP The Authors Abraham Kang Achim Hoffmann Chris Schmidt Dave Ferguson...

Page 1: OWASP · 2011-10-02 · OWASP The Authors Abraham Kang Achim Hoffmann Chris Schmidt Dave Ferguson Dave Wichers David Rook Edwardo Alberto Vela Nava Eoin Keary Eric Sheridan Erlend

Copyright © The OWASP FoundationPermission is granted to copy, distribute and/or modify this document under the terms of the OWASP License.

The OWASP Foundation

OWASP

http://www.owasp.org

Pure AppSec, No Fillers or Preservatives OWASP Cheat Sheet Series

Michael Coates - Mozilla

September, 2011

Tuesday, September 27, 2011

http://www.appsecusa.org/talks.html#cheatsheets
http://www.appsecusa.org/talks.html#cheatsheets
http://www.appsecusa.org/talks.html#cheatsheets
http://www.appsecusa.org/talks.html#cheatsheets
Page 2: OWASP · 2011-10-02 · OWASP The Authors Abraham Kang Achim Hoffmann Chris Schmidt Dave Ferguson Dave Wichers David Rook Edwardo Alberto Vela Nava Eoin Keary Eric Sheridan Erlend

OWASP 2

Compact

http://www.flickr.com/photos/eprater/6043906778

Tuesday, September 27, 2011

http://www.flickr.com/photos/eprater/6043906778
http://www.flickr.com/photos/eprater/6043906778
Page 3: OWASP · 2011-10-02 · OWASP The Authors Abraham Kang Achim Hoffmann Chris Schmidt Dave Ferguson Dave Wichers David Rook Edwardo Alberto Vela Nava Eoin Keary Eric Sheridan Erlend

OWASP 3

Comprehensive

http://www.flickr.com/photos/southbeachcars/5394835890

Tuesday, September 27, 2011

http://www.flickr.com/photos/southbeachcars/5394835890
http://www.flickr.com/photos/southbeachcars/5394835890
Page 4: OWASP · 2011-10-02 · OWASP The Authors Abraham Kang Achim Hoffmann Chris Schmidt Dave Ferguson Dave Wichers David Rook Edwardo Alberto Vela Nava Eoin Keary Eric Sheridan Erlend

OWASP 4

Correct

http://www.flickr.com/photos/behdad/526904677

Tuesday, September 27, 2011

http://www.flickr.com/photos/southbeachcars/5394835890
http://www.flickr.com/photos/southbeachcars/5394835890
Page 5: OWASP · 2011-10-02 · OWASP The Authors Abraham Kang Achim Hoffmann Chris Schmidt Dave Ferguson Dave Wichers David Rook Edwardo Alberto Vela Nava Eoin Keary Eric Sheridan Erlend

OWASP

The Cheat Sheets

5

Tuesday, September 27, 2011

Page 6: OWASP · 2011-10-02 · OWASP The Authors Abraham Kang Achim Hoffmann Chris Schmidt Dave Ferguson Dave Wichers David Rook Edwardo Alberto Vela Nava Eoin Keary Eric Sheridan Erlend

OWASP

The Authors

Abraham KangAchim Hoffmann Chris SchmidtDave Ferguson Dave Wichers David Rook Edwardo Alberto Vela NavaEoin KearyEric Sheridan Erlend OftedalFred Donovan Gareth HeyesJeff Williams Jeremy Long

Jim Manico John StevenKevin Kenan Kevin Wall Lenny ZeltserMario HeiderichMichael Boberski Michael Coates Mike SamuelPaul Petefish Raul Siles Robert HansenStefano Di PaolaTyler Reguly

6

Tuesday, September 27, 2011

Page 7: OWASP · 2011-10-02 · OWASP The Authors Abraham Kang Achim Hoffmann Chris Schmidt Dave Ferguson Dave Wichers David Rook Edwardo Alberto Vela Nava Eoin Keary Eric Sheridan Erlend

OWASP

Most Visited Cheat Sheets

7

XSS  (Cross  Site  Scrip.ng)  Preven.on  Cheat  Sheet  ..........................354,208

SQL  Injec.on  Preven.on  Cheat  Sheet  .............................................180,011

Cross-­‐Site  Request  Forgery  (CSRF)  Preven.on  Cheat  Sheet  .............78,086

Transport  Layer  Protec.on  Cheat  Sheet  ...........................................46,343

Authen.ca.on  Cheat  Sheet  ..............................................................28,074

Total Cheat Sheet Views : 740,000

Tuesday, September 27, 2011

Page 8: OWASP · 2011-10-02 · OWASP The Authors Abraham Kang Achim Hoffmann Chris Schmidt Dave Ferguson Dave Wichers David Rook Edwardo Alberto Vela Nava Eoin Keary Eric Sheridan Erlend

OWASP 8

Tuesday, September 27, 2011

Page 9: OWASP · 2011-10-02 · OWASP The Authors Abraham Kang Achim Hoffmann Chris Schmidt Dave Ferguson Dave Wichers David Rook Edwardo Alberto Vela Nava Eoin Keary Eric Sheridan Erlend

OWASP 9

Tuesday, September 27, 2011

Page 10: OWASP · 2011-10-02 · OWASP The Authors Abraham Kang Achim Hoffmann Chris Schmidt Dave Ferguson Dave Wichers David Rook Edwardo Alberto Vela Nava Eoin Keary Eric Sheridan Erlend

OWASP 10

Tuesday, September 27, 2011

Page 11: OWASP · 2011-10-02 · OWASP The Authors Abraham Kang Achim Hoffmann Chris Schmidt Dave Ferguson Dave Wichers David Rook Edwardo Alberto Vela Nava Eoin Keary Eric Sheridan Erlend

OWASP 11

Tuesday, September 27, 2011

Page 12: OWASP · 2011-10-02 · OWASP The Authors Abraham Kang Achim Hoffmann Chris Schmidt Dave Ferguson Dave Wichers David Rook Edwardo Alberto Vela Nava Eoin Keary Eric Sheridan Erlend

OWASP 12

Tuesday, September 27, 2011

Page 13: OWASP · 2011-10-02 · OWASP The Authors Abraham Kang Achim Hoffmann Chris Schmidt Dave Ferguson Dave Wichers David Rook Edwardo Alberto Vela Nava Eoin Keary Eric Sheridan Erlend

OWASP

What’s Next?

Cheat sheet updatesSingle cheat sheet downloadCheat sheet book

13

Tuesday, September 27, 2011

Page 14: OWASP · 2011-10-02 · OWASP The Authors Abraham Kang Achim Hoffmann Chris Schmidt Dave Ferguson Dave Wichers David Rook Edwardo Alberto Vela Nava Eoin Keary Eric Sheridan Erlend

OWASP

Questions?

14

Tuesday, September 27, 2011


OWASP OTG-configuration (OWASP Thailand chapter november 2015)

OWASP OTG-configuration (OWASP Thailand chapter november 2015)

Owasp tools - OWASP Serbia

Owasp tools - OWASP Serbia

OWASP BeLux 2008-03-04 OWASP Update · 2020-05-18 · OWASP 5 Program for this evening:

OWASP BeLux 2008-03-04 OWASP Update · 2020-05-18 · OWASP 5 Program for this evening:

OWASP Toronto - OWASP Foundation | Open Source Foundation ...

OWASP Toronto - OWASP Foundation | Open Source Foundation ...

Modern information gathering - OWASP · Modern information gathering Dave van Stein 9 april 2009. Who Am I Dave van Stein 34 years ... –Contains Google Hacking Database –Automated

Modern information gathering - OWASP · Modern information gathering Dave van Stein 9 april 2009. Who Am I Dave van Stein 34 years ... –Contains Google Hacking Database –Automated

Unraveling some of the Mysteries around DOM-based XSS · 2020-01-17 · Unraveling some of the Mysteries around DOM-based XSS Dave Wichers Aspect Security, COO OWASP Boardmember OWASP

Unraveling some of the Mysteries around DOM-based XSS · 2020-01-17 · Unraveling some of the Mysteries around DOM-based XSS Dave Wichers Aspect Security, COO OWASP Boardmember OWASP

OWASP Top-10 2013 Tobias Gondrom (OWASP Project Leader)

OWASP Top-10 2013 Tobias Gondrom (OWASP Project Leader)

The OWASP Foundation OWASP Summit 2011 ¿A donde vamos…?

The OWASP Foundation OWASP Summit 2011 ¿A donde vamos…?

OWASP (Membership) and new OWASP Projects · OWASP 7 OWASP

OWASP (Membership) and new OWASP Projects · OWASP 7 OWASP

Proactive Web Application Defenses. Jim Manico @manicode – OWASP Volunteer Global OWASP Board Member Global OWASP Board Member OWASP Cheat-Sheet Series.

Proactive Web Application Defenses. Jim Manico @manicode – OWASP Volunteer Global OWASP Board Member Global OWASP Board Member OWASP Cheat-Sheet Series.

OWASP – Top 10 · • OWASP Code Review Guide • OWASP Testing Guide • OWASP Top Ten Project . OWASP – TOP 10 • OWASP Top 10 Web Application Security Risks for 2010 are:

OWASP – Top 10 · • OWASP Code Review Guide • OWASP Testing Guide • OWASP Top Ten Project . OWASP – TOP 10 • OWASP Top 10 Web Application Security Risks for 2010 are:

OWASP 2013 APPSEC USA Talk - OWASP ZAP

OWASP 2013 APPSEC USA Talk - OWASP ZAP

Review OWASP 2014 - OWASP Perú

Review OWASP 2014 - OWASP Perú

What is OWASP OWASP Live CD Live Demo Omar Sherin-OWASP Egypt.

What is OWASP OWASP Live CD Live Demo Omar Sherin-OWASP Egypt.

The OWASP Foundation OWASP Global Update Seba Deleersnyder OWASP Foundation Board Member.

The OWASP Foundation OWASP Global Update Seba Deleersnyder OWASP Foundation Board Member.

ng-owasp: OWASP Top 10 for AngularJS Applications

ng-owasp: OWASP Top 10 for AngularJS Applications

OWASP Testing Guide - OWASP Summit 2011

OWASP Testing Guide - OWASP Summit 2011

OWASP The OWASP Foundation

OWASP The OWASP Foundation

Unraveling some of the Mysteries around DOM-based XSS · PDF fileUnraveling some of the Mysteries around DOM-based XSS Dave Wichers Aspect Security, COO OWASP Board Member OWASP Top

Unraveling some of the Mysteries around DOM-based XSS · PDF fileUnraveling some of the Mysteries around DOM-based XSS Dave Wichers Aspect Security, COO OWASP Board Member OWASP Top

OWASP TOP 10 vs OWASP ASVS - owasp-stl.orgowasp-stl.org/decks/Top10vsASVS.pdf · The OWASP Top Ten •The OWASP Top 10 provides a list of the 10 Most Critical Web Application Security

OWASP TOP 10 vs OWASP ASVS - owasp-stl.orgowasp-stl.org/decks/Top10vsASVS.pdf · The OWASP Top Ten •The OWASP Top 10 provides a list of the 10 Most Critical Web Application Security