Automated Vulnerability Scanning

[estavrak]

Remember that 'Developing with Security in Mind' meetup we had in February?

We are certain y' all have been 'practicing safe development', and would like to show you a few ways to double check your work.

We will have a look at a few tools that can be used for web app vulnerability scanning, mostly 'point & click' stuff included in Kali Linux, such as:

• httrack
• owasp-zap
• w3af
• nikto
• nmap
• wpscan
• golismero
• and a few more 👊

Of course, there will probably be some preaching about current threats, best practices, the earth being flat, and beer.

Anyone willing to contribute is more than welcome, so far @daknob and I are thinking about this.

Special thanks to @EiriniKP for the poster!

PS: @gsaslis “In this meetup, we will see how we can incorporate automated security testing in the Software Development Life Cycle so we can increase the Agility of the team."

[daknob]

👍

[daknob]

🔈

[maounis]

👍

[zakkak]

👍

[irinikp]

👍

[sonaht]

👍

[gvre]

👍

[flouris]

👍

[estavrak]

👍

[estavrak]

🔈

[cmaragoulis]

👍

[gsaslis]

Hmm interesting!

👍

Also, did you guys know about http://inspec.io/ ? Together with the CIS Security benchmarks (which are btw, embedded in Chef Compliance, a commercial Chef offering) it takes a somewhat different approach (if I understand correctly what you're proposing) to tackle some of the same issues. It basically says: let me check your server against a looooong list of known security vulnerabilities and come back to you with things you need to fix.

[mikedi]

👍

[msti]

👍

[gsaslis]

TIL http://dev-sec.io/

[agougousis]

👍

[angeletos]

👍

[ManosGEM]

👍

[nikos445]

👍

[dzervas]

👍

[maninak]

👍

[sonaht]

Closing this as we are currently managing the "next meetup topic" via a shared form

Please reopen if you feel this should remain