Difference between revisions of "Projects/OWASP Zed Attack Proxy Project/Pages/Talks"

 
'''Upcoming Talks/Training:'''
 
 
'''2014 June 4: Akamai, Cambridge, MA [http://events.com/Cambridge-Massachusetts/Community/Training-SQL-Injection-real-exploit-OWASP-ZED-Attack-Proxy?eid=53866c228d399a0794ed9c1b&ws=to&wm=cp Jim Weiler: OWASP ZED Attack Proxy]'''
 
 
Jim Weiler will introduce the OWASP Zed Attack Proxy (ZAP). This is a very powerful free OWASP intercepting proxy that lets you see, analyse, change and replay every browser request and response, analyse your session, scan and attack web sites, save the results and run reports. We can't cover all of its functionality, but we'll show some practical tips and techniques.
 
 
 
'''2014 June 5: International Testing Conference, Tallinn, Estonia [http://nordictestingdays.eu/new-adventures-security-testing Dan Billing: New Adventures in Security]'''
 
 
Learning new skills and experiences is key to developing any career, but in the rapidly changing world of software testing it is particularly necessary. Recently my work has led me to need to develop my security testing skills, but, more than that, it has opened doors into a whole new world of skills and techniques, and I am still learning more and more.
 
 
This track explores how I have approached the problems I have encountered, formulated my learning, and how I have developed an understanding of the key features of security testing in an accessible way.
 
 
'''2014 June 24: Velocity, Santa Clara, CA [http://velocityconf.com/velocity2014/public/schedule/detail/34139 James Wickett, Gareth Rushgrove] Battle-tested Code without the Battle - Security Testing and Continuous Integration'''
 

Revision as of 03:47, 10 June 2014

Upcoming Talks/Training:

2014 June 24: Velocity, Santa Clara, CA James Wickett, Gareth Rushgrove: Battle-tested Code without the Battle - Security Testing and Continuous Integration

Everyone knows that we need to harden our code before it goes into production, but very few actually test for security flaws in their delivery pipeline. We will show a basic continuous delivery pipeline that should be familiar to anyone who has worked with continuous integration, and then proceed to add steps to identify security issues in a typical web application stack.

Attendees will be able to follow along either online or by building the pipeline locally on their own computers. All of the source code will be open source and available for people to use for testing their own applications after the conference. We’ll use a range of open source technology including OWASP ZAP, Gauntlt, Jenkins, Vagrant and more.
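As an added example (not code from the talk, from Gauntlt or from the ZAP project), this is the kind of pipeline step the abstract describes: a small Python gate that pulls the alert list from a running ZAP daemon through its JSON API and fails the build when anything at or above a chosen risk level is left unaccepted. The ZAP URL, API key, target and the sample alert list are assumptions made for the example; the JSON field names follow ZAP's core/view/alerts response and should be checked against the ZAP version in use.

```python
"""CI security gate over ZAP alerts (added example, not ZAP project code).

fetch_alerts() talks to a live ZAP daemon via /JSON/core/view/alerts/;
gate() decides whether the build fails. SAMPLE_ALERTS is a constructed
response in the same shape, so gate() can be exercised offline.
"""
import json
import urllib.parse
import urllib.request

# Risk levels as ZAP reports them in the "risk" field of each alert.
RISK_ORDER = {"Informational": 0, "Low": 1, "Medium": 2, "High": 3}


def fetch_alerts(zap_url, target, apikey):
    """Return ZAP's alerts for `target` (zap_url and apikey are assumptions).

    count=0 asks the ZAP API for every alert rather than a page of them.
    """
    query = urllib.parse.urlencode(
        {"baseurl": target, "start": 0, "count": 0, "apikey": apikey})
    with urllib.request.urlopen(f"{zap_url}/JSON/core/view/alerts/?{query}") as resp:
        return json.load(resp)["alerts"]


def summarise(alerts):
    """Collapse per-URL alert instances into (alert name, risk) -> count."""
    summary = {}
    for a in alerts:
        key = (a["alert"], a["risk"])
        summary[key] = summary.get(key, 0) + 1
    return summary


def gate(alerts, fail_on="Medium", accepted=()):
    """Return (passed, failing); failing is a sorted list of (name, risk, count).

    Any alert at or above `fail_on` fails the build unless its name is in
    `accepted` (findings that were triaged and knowingly accepted). A risk
    string this code does not know is treated as High, so a change in ZAP's
    output cannot silently turn into a passing build.
    """
    threshold = RISK_ORDER[fail_on]
    failing = []
    for (name, risk), count in sorted(summarise(alerts).items()):
        if name in accepted:
            continue
        if RISK_ORDER.get(risk, RISK_ORDER["High"]) >= threshold:
            failing.append((name, risk, count))
    return (not failing, failing)


# Constructed sample in the shape of ZAP's core/view/alerts response.
SAMPLE_ALERTS = [
    {"alert": "Cross Site Scripting (Reflected)", "risk": "High",
     "url": "http://app.test/search?q=x", "param": "q"},
    {"alert": "Cross Site Scripting (Reflected)", "risk": "High",
     "url": "http://app.test/search?q=y", "param": "q"},
    {"alert": "X-Frame-Options Header Not Set", "risk": "Medium",
     "url": "http://app.test/", "param": ""},
    {"alert": "Cookie No HttpOnly Flag", "risk": "Low",
     "url": "http://app.test/login", "param": "session"},
]

if __name__ == "__main__":
    # In a real pipeline: alerts = fetch_alerts("http://localhost:8080",
    #                                            "http://app.test", "changeme")
    passed, failing = gate(SAMPLE_ALERTS, fail_on="Medium",
                           accepted={"X-Frame-Options Header Not Set"})
    for name, risk, count in failing:
        print(f"FAIL {risk:<6} {count}x {name}")
    raise SystemExit(0 if passed else 1)
```

The exit status is what the CI job keys on: Jenkins marks the build failed on a non-zero exit, which is the whole point of putting the scan in the pipeline rather than running it by hand. Keep the accepted list in version control next to the pipeline definition so that accepting a finding is itself a reviewed change.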


2014 June 25: OWASP AppSec EU, Cambridge, UK Simon Bennetts: ZAP Advanced Features

The Zed Attack Proxy (ZAP) is an OWASP Flagship project and the largest open source web application security tool measured by active contributors. While it is an ideal tool for people new to appsec it also has many features specifically intended for advanced penetration testing.

In this talk Simon will give a quick introduction to ZAP and then dive into some of these features, including:

  • Handling single page and other ‘non standard’ apps
  • Client side testing with Plug-n-Hack
  • Advanced scanning options
  • Contexts
  • Fuzzing
  • Scripting
  • Zest - ZAP’s macro language
  • Changing the source code


2014 June 27: BSides Manchester, UK Simon Bennetts: ZAP Advanced Features

The Zed Attack Proxy (ZAP) is an OWASP Flagship project and the largest open source web application security tool measured by active contributors. While it is an ideal tool for people new to appsec it also has many features specifically intended for advanced penetration testing.

In this talk Simon will give a quick introduction to ZAP and then dive into some of these features, including:

  • Handling single page and other ‘non standard’ apps
  • Client side testing with Plug-n-Hack
  • Advanced scanning options
  • Contexts
  • Fuzzing
  • Scripting
  • Zest - ZAP’s macro language
  • Changing the source code