Difference between revisions of "OWASP Security Blitz"

(June contents, YouTube videos from getmantra channel)
(May - Cross Site Scripting)
Line 25: Line 25:
  
 
===May - Cross Site Scripting===
 
===May - Cross Site Scripting===
# [https://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet OWASP XSS Prevention Cheat Sheet] (Builder)
 
 
# [http://ha.ckers.org/xss.html XSS cheat sheet] (Breaker)
 
# [http://ha.ckers.org/xss.html XSS cheat sheet] (Breaker)
# [https://developer.mozilla.org/en/Introducing_Content_Security_Policy Content Security Policy] (Builder)
+
# [http://yehg.net/lab/pr0js/pentest/flash-xsser.php Flash-based XSSer] (Breaker)
# [https://www.owasp.org/index.php/DOM_Based_XSS Dom Based XSS]
+
# [http://yehg.net/lab/pr0js/pentest/ie-referer-xsser.php IE Referer XSSer] (Breaker)
# [https://www.owasp.org/index.php?title=DOM_based_XSS_Prevention_Cheat_Sheet Dom Based XSS Prevention Cheat Sheet] (Builder)
+
# [https://www.owasp.org/index.php/DOM_Based_XSS Dom Based XSS] (Breaker)
# [https://www.owasp.org/index.php/OWASP_Appsec_Tutorial_Series AppSec Tutorial Project - Cross Site Scripting] ([http://www.youtube.com/watch?v=_Z9RQSnf8-g Video Link])
+
# [https://www.owasp.org/index.php/OWASP_Appsec_Tutorial_Series AppSec Tutorial Project - Cross Site Scripting] ([http://www.youtube.com/watch?v=_Z9RQSnf8-g Video Link]) (Breaker)
 +
# [http://yehg.net/e/ PHP Charset Encoder] (Breaker)
 +
# [http://yehg.net/lab/pr0js/pentest/CAL9000/ CAL9000] (Breaker)
 +
# [http://utf-8.jp/ utf8.jp's JS Encoders] (Breaker)
 
# [http://labs.neohapsis.com/2012/04/25/abusing-password-managers-with-xss/ Abusing Password Managers with XSS] (Breaker)
 
# [http://labs.neohapsis.com/2012/04/25/abusing-password-managers-with-xss/ Abusing Password Managers with XSS] (Breaker)
 
# [http://labs.neohapsis.com/2012/04/19/xss-shortening-cheatsheet/ XSS Shortening Cheat Sheet] (Breaker)
 
# [http://labs.neohapsis.com/2012/04/19/xss-shortening-cheatsheet/ XSS Shortening Cheat Sheet] (Breaker)
 +
# [https://developer.mozilla.org/en/Introducing_Content_Security_Policy Content Security Policy] (Builder)
 +
# [https://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet OWASP XSS Prevention Cheat Sheet] (Builder)
 +
# [https://www.owasp.org/index.php?title=DOM_based_XSS_Prevention_Cheat_Sheet Dom Based XSS Prevention Cheat Sheet] (Builder)
  
 
===June - Access Control===
 
===June - Access Control===
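Review bot: the reordered May list still carries only (Breaker) and (Builder) tags, while the About section below promises builder, breaker and defender perspectives; none of the thirteen entries in the new column (the three Builder items now at the end, Content Security Policy, OWASP XSS Prevention Cheat Sheet and Dom Based XSS Prevention Cheat Sheet, included) is tagged (Defender). Consider adding at least one detection or response resource for XSS under that tag, or tagging an existing entry where it fits, so the list matches the stated split.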

Revision as of 02:14, 17 June 2012


About

OWASP is starting a monthly security blitz where we will rally the security community around a particular topic. The topic may be a vulnerability, a defensive design approach, a technology or even a methodology. All members of the security community are encouraged to write blog posts, articles, patches to tools, videos, etc. in the spirit of the current monthly topic. Our goal is to show a variety of perspectives on the topic from builders, breakers and defenders.

How Can You Help?

Individual Experts

As an individual, please create material on the monthly security topic. If you have recently created material that is relevant to the month at hand, please link it in the section below. As mentioned above, the goal is to have a variety of perspectives (builder, breaker, defender, policy, etc.) and types of content (tools, docs, videos, code patches, etc.).

Companies / Organizations / Universities

Please consider launching an internal awareness program to coincide with the security blitz. This will allow all of us to pool resources and maximize the impact of each month's topic.

Monthly Security Topics

Articles/Contributions/Updates

Please add links to any stories, posts, articles, etc. that are related to the current month's topic.

April - SQL Injection

  1. OWASP Parameterization Cheat Sheet
  2. The Power of the Apostrophe blog (funny)
  3. OWASP SQL Injection Cheat Sheet
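As an added illustration of the April topic (this is example code written for this page, not part of the OWASP page or of either cheat sheet), the Python script below contrasts the string-concatenated query that the Parameterization Cheat Sheet warns against with a bound-parameter version. It runs against an in-memory SQLite table; the users table, the two sample accounts, their plaintext passwords and the function names are constructed assumptions for illustration only (a real system would compare password hashes, which does not change the query lesson).

```python
import sqlite3

# Constructed sample data (assumption, not from the OWASP page): two users.
USERS = [("alice", "s3cret"), ("bob", "hunter2")]


def make_db():
    """Create an in-memory SQLite database seeded with the sample users."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)"
    )
    # Seeding is itself parameterized; the weak pattern lives only in login_vulnerable().
    conn.executemany("INSERT INTO users (username, password) VALUES (?, ?)", USERS)
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Build the query by string concatenation (the anti-pattern).

    A single apostrophe in the input closes the SQL string literal, so whatever
    follows is parsed as SQL: "alice' --" turns the password check into a comment,
    and "' OR '1'='1" makes the WHERE clause true for every row.
    Returns the list of usernames the query matched.
    """
    sql = (
        "SELECT username FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    return [row[0] for row in conn.execute(sql).fetchall()]


def login_parameterized(conn, username, password):
    """Bind the values through placeholders; the driver never parses them as SQL."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return [row[0] for row in conn.execute(sql, (username, password)).fetchall()]


def concatenation_breaks_on_apostrophe(conn, username="o'brien", password="x"):
    """True if the concatenated query fails on a legitimate name with an apostrophe.

    The same input is handled without error by login_parameterized().
    """
    try:
        login_vulnerable(conn, username, password)
        return False
    except sqlite3.OperationalError:
        return True


if __name__ == "__main__":
    db = make_db()
    print("concatenated, alice' --    :", login_vulnerable(db, "alice' --", "wrong"))
    print("parameterized, alice' --   :", login_parameterized(db, "alice' --", "wrong"))
    print("concatenated, ' OR '1'='1 :", login_vulnerable(db, "' OR '1'='1", "' OR '1'='1"))
    print("o'brien breaks concatenation:", concatenation_breaks_on_apostrophe(db))
```

The two login functions send the same intent to the database; only the parameterized one keeps the boundary between code and data, which is why the cheat sheet treats bound parameters (not quote escaping) as the primary defense.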

May - Cross Site Scripting

  1. XSS cheat sheet (Breaker)
  2. Flash-based XSSer (Breaker)
  3. IE Referer XSSer (Breaker)
  4. Dom Based XSS (Breaker)
  5. AppSec Tutorial Project - Cross Site Scripting (Video Link) (Breaker)
  6. PHP Charset Encoder (Breaker)
  7. CAL9000 (Breaker)
  8. utf8.jp's JS Encoders (Breaker)
  9. Abusing Password Managers with XSS (Breaker)
  10. XSS Shortening Cheat Sheet (Breaker)
  11. Content Security Policy (Builder)
  12. OWASP XSS Prevention Cheat Sheet (Builder)
  13. Dom Based XSS Prevention Cheat Sheet (Builder)
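As an added illustration of the May topic (example code written for this page, not part of the OWASP page, the XSS Prevention Cheat Sheet or any listed tool), the Python script below implements the two most common output-encoding rules from the XSS Prevention Cheat Sheet (entity encoding for HTML element content and hex-entity encoding for quoted attribute values), renders a small page template both without and with that encoding, and gives a Content Security Policy header value of the kind the Mozilla CSP link introduces as defense in depth. The template, the payload strings and the function names are constructed assumptions for illustration only.

```python
import string

# Rule #1 of the cheat sheet: entity-encode these characters in HTML element
# content. "&" must be replaced first so earlier replacements are not re-encoded.
_HTML_ENTITIES = [
    ("&", "&amp;"), ("<", "&lt;"), (">", "&gt;"),
    ('"', "&quot;"), ("'", "&#x27;"), ("/", "&#x2F;"),
]

_ALNUM = set(string.ascii_letters + string.digits)


def encode_for_html(value):
    """Encode untrusted text for placement between HTML tags."""
    for raw, entity in _HTML_ENTITIES:
        value = value.replace(raw, entity)
    return value


def encode_for_html_attribute(value):
    """Rule #2 style encoding for a quoted attribute value: every character that is
    not an ASCII letter or digit becomes &#xHH;, so a quote can never end the
    attribute and no new attribute (such as an event handler) can be injected."""
    return "".join(ch if ch in _ALNUM else "&#x%02X;" % ord(ch) for ch in value)


# Constructed page template (assumption): user data lands in two contexts,
# element content and a double-quoted attribute value. No inline script is used,
# so the CSP below can forbid inline script without breaking the page.
TEMPLATE = (
    "<p>Welcome back, {name_html}.</p>\n"
    '<input type="hidden" name="user" value="{name_attr}">'
)


def render_vulnerable(name):
    """Interpolate the raw value into both contexts (the anti-pattern)."""
    return TEMPLATE.format(name_html=name, name_attr=name)


def render_safe(name):
    """Encode per context before interpolation, as the cheat sheet prescribes."""
    return TEMPLATE.format(
        name_html=encode_for_html(name),
        name_attr=encode_for_html_attribute(name),
    )


def csp_header():
    """Header name and value for a restrictive CSP: scripts only from this origin,
    no inline script or inline event handlers, no plugins. Returned as a tuple so
    any web framework can add it to the response."""
    return ("Content-Security-Policy",
            "default-src 'self'; script-src 'self'; object-src 'none'")


if __name__ == "__main__":
    for payload in ("<img src=x onerror=alert(1)>", '" autofocus onfocus="alert(1)'):
        print("--- raw ---\n" + render_vulnerable(payload))
        print("--- encoded ---\n" + render_safe(payload))
    print("%s: %s" % csp_header())
```

Encoding is the primary control: the same payload that becomes an `<img>` element or a new `onfocus` attribute in the raw rendering is inert text in the encoded one. The CSP value is the backstop; with no `'unsafe-inline'` in `script-src`, a browser that enforces it refuses to run an inline handler even if an encoding gap lets one through.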

June - Access Control

  1. From OWASP Mantra YouTube channel (Breaker)
    1. URL Access
    2. Broken Session Management
    3. Broken Authentication