OWASP/Training/LAPSE+

MODULE
OWASP LAPSE Project
Overview & Goal
LAPSE+ is based on static analysis of code to detect the source, and is intended for developers using Java 1.6 or higher with Eclipse Helios. The goal of the presentation is to teach developers how to install and use the LAPSE+ plugin and to give users a practical understanding of how it can be used to protect against security vulnerabilities.
Contents Materials
LAPSE+ is based on static analysis of code to detect the source, and is intended for developers using Java 1.6 or higher with Eclipse Helios. The goal of the presentation is to teach developers how to install and use the LAPSE+ plugin and to give users a practical understanding of how it can be used to protect against the security vulnerabilities enumerated below:
  • URL Tampering
  • Cookie Poisoning
  • Parameter Tampering
  • Header Manipulation
  • Cross-site Scripting (XSS)
  • HTTP Response Splitting
  • Injections (SQL, Command, XPath, XML, LDAP)
  • Path Traversal