Category:How To

Application Security How-To Articles
This category is for articles describing how to perform a specific activity that contributes to application security. For example, "How to test session identifier strength using WebScarab." Articles should be titled with a specific title starting with "How To." Articles can focus in on a specific topic or be an overview article that references lots of smaller steps. Long articles should be broken into a set of smaller steps with an overview article.

The OWASP Guides
There are three different OWASP Guides. They are full of useful information about how to perform application security activities.


 * The OWASP Guide to Building Secure Web Applications and Web Services
 * This OWASP Guide has hundreds of articles about all the major security issues you'll encounter when designing or building a secure web application or web service.


 * The OWASP Testing Guide
 * This OWASP Guide has articles specifically about performing security penetration testing on web applications and web services.


 * The OWASP Code Review Guide
 * This OWASP Guide covers all the same vulnerabilities and security mechanisms as the Testing Guide, but provides guidance on finding the problems in the source code.

OWASP LiveCD Education Project (SpoC 2007)

 * OWASP - WebScarab Exploiting Input Validation
 * Parameter exploitation and input validation.


 * OWASP - LabRat Up and Running on Hard Disk
 * Guide to installing OWASP LabRat to your hard disk.


 * OWASP - Running WebGoat in LabRat
 * Guide to getting WebGoat up and running.


 * OWASP - Using JBroFuzzer in LabRat
 * Introduction to using JBroFuzzer in LabRat.


 * OWASP - WebGoat Introduction to XSS
 * Introduction to and working examples of XSS using WebGoat in LabRat.


 * OWASP - Building Your Own LabRat ISO
 * Guide to building your own custom LabRat ISO distribution.

Other How-To Articles
There are some other How-To articles listed below. Many are stubs that need to be finished.

[Https://www.owasp.org/index.php/Proxyassertion Proxy based assertion for authentication and authorization]