Web Security
Mac Peters edited this page Dec 22, 2020 · 4 revisions
- Burp Suite (intercepting proxy)
- Encoding Tools
- Firefox's Tamper Data (browser add-on for viewing and editing HTTP requests in flight; not a standalone proxy server)
- free OWASP resources
- use OWASP's Application Security Verification Standard (ASVS) to define what "secure" means for any given app
- design security in from the start, rather than bolting it on later
- orgs should establish an application security program: gain insight into, and improve security across, the application portfolio
- the whole org should work together: security and audit, software development, business and executive management
- visibility
- focus
- document all apps and assets; use a Configuration Management Database (CMDB)
- establish a program, drive buy-in
- adopt gap analysis, develop an improvement plan
- gain executive approval, establish an awareness campaign for the entire IT organization
- verification activities to integrate:
- threat modeling
- secure design and review
- secure coding and code review
- penetration testing
- remediation
- have SMAs
- Cybrary
- Data Recovery Training
- HackerOne
- HackTheBox
- Hellbound Hackers
- New Horizons Training
- OWASP Top Ten
- OWASP Vulnerable Web Apps Directory
- SecTor 2019
- WebSec Files
- CSRF testing: https://wiki.owasp.org/index.php/Testing_for_CSRF_(OTG-SESS-005)
- EC-Council cybersecurity programs: https://www.eccouncil.org/programs/
- cisco.com training for networking
- GIAC
- ISACA
- (ISC)²
- McAfee Institute
- https://owasp.org/www-project-top-ten/
- https://owasp.org/www-project-cheat-sheets/
- https://owasp.org/www-project-application-security-verification-standard/
- https://www.opensamm.org/
- https://owasp.org/www-project-risk-assessment-framework/
- https://owasp.org/www-project-appsensor/migrated_content
- https://owasp.org/www-project-enterprise-security-api/
- https://owasp.org/www-project-webgoat/
- https://owasp.org/events/
- https://owasp.org/chapters/
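The CSRF testing guide linked above (OTG-SESS-005) boils down to one check: take a legitimate state-changing request, strip or corrupt the anti-CSRF token while keeping the session cookie, and see whether the action still succeeds. The following is an added example, not code from this page or from OWASP, that runs that check against a deliberately vulnerable handler and a hardened one using the synchronizer token pattern. The in-memory `SESSIONS` store, the request dictionaries, and the handler names are constructed for the example; a real app would get the same inputs from a web framework.

```python
import hmac
import secrets

# Constructed in-memory session store for the example (assumption: sid -> session data).
SESSIONS = {}

def new_session(email="victim@example.com"):
    """Create a logged-in session with a fresh, unguessable per-session anti-CSRF token."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"csrf_token": secrets.token_urlsafe(32), "email": email}
    return sid

def vulnerable_change_email(request):
    """Vulnerable handler: authorizes on the session cookie alone. The browser
    attaches that cookie to a cross-site form POST, so a forged request succeeds."""
    sess = SESSIONS.get(request["cookies"].get("sid"))
    if sess is None:
        return 401, "not logged in"
    sess["email"] = request["form"]["email"]
    return 200, "email changed"

def hardened_change_email(request):
    """Hardened handler: synchronizer token pattern. The token lives in the session
    and must be echoed in the POST body; another origin cannot read it, so it
    cannot build a request that passes this check."""
    sess = SESSIONS.get(request["cookies"].get("sid"))
    if sess is None:
        return 401, "not logged in"
    supplied = request["form"].get("csrf_token", "")
    # constant-time comparison so the check does not leak the token byte by byte
    if not hmac.compare_digest(supplied, sess["csrf_token"]):
        return 403, "csrf token missing or invalid"
    sess["email"] = request["form"]["email"]
    return 200, "email changed"

def csrf_poc_html(action_url, fields):
    """The auto-submitting form an attacker hosts on their own origin to deliver
    the forged POST; this is what a tester puts in the proof of concept."""
    inputs = "".join(f'<input type="hidden" name="{k}" value="{v}">' for k, v in fields.items())
    return (f'<html><body onload="document.forms[0].submit()">'
            f'<form method="POST" action="{action_url}">{inputs}</form></body></html>')

def csrf_test(handler):
    """Run the OTG-SESS-005 checks against a handler: replay a state-changing
    request with the anti-CSRF token removed, then with a guessed token, then
    with the real token. Returns the status codes and a verdict."""
    sid = new_session()
    cookies = {"sid": sid}  # the browser sends this on cross-site POSTs too
    forged = {"cookies": cookies, "form": {"email": "attacker@example.com"}}
    guessed = {"cookies": cookies,
               "form": {"email": "attacker@example.com", "csrf_token": "A" * 43}}
    legit = {"cookies": cookies,
             "form": {"email": "owner@example.com", "csrf_token": SESSIONS[sid]["csrf_token"]}}
    results = {
        "no_token": handler(forged)[0],
        "wrong_token": handler(guessed)[0],
        "legit": handler(legit)[0],
    }
    # vulnerable if the action succeeded without the genuine token
    results["vulnerable"] = results["no_token"] == 200 or results["wrong_token"] == 200
    return results

if __name__ == "__main__":
    print("vulnerable handler:", csrf_test(vulnerable_change_email))
    print("hardened handler:  ", csrf_test(hardened_change_email))
    print(csrf_poc_html("https://app.example/change-email", {"email": "attacker@example.com"}))
```

With a real target, the same three requests are made by capturing the form submission in Burp Suite and editing the body in Repeater. The token check is one layer: in practice it is paired with `SameSite` cookie attributes and an `Origin`/`Referer` check, and it protects nothing if the token is also accepted from a GET parameter or leaks through a reflected page.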