
OWASP


OWASP Mobile Security Project. OWASP/ENISA Collaboration: OWASP and the European Network and Information Security Agency (ENISA) collaborated to build a joint set of controls.

OWASP Mobile Security Project

ENISA has published the results of the collaborative effort as the "Smartphone Secure Development Guideline".

Contributors

This document has been jointly produced with ENISA as well as the following individuals: Vinay Bansal (Cisco Systems); Nader Henein (Research in Motion); Giles Hogben (ENISA); Karsten Nohl (Srlabs); Jack Mannino (nVisium Security); Christian Papathanasiou (Royal Bank of Scotland); Stefan Rueping (Infineon); Beau Woods (Stratigos Security).

Top 10 mobile controls and design principles

1. Risks: unsafe sensitive data storage, attacks on decommissioned phones, unintentional disclosure. Mobile devices (being mobile) have a higher risk of loss or theft.
1.1 In the design phase, classify data storage according to sensitivity and apply controls accordingly (e.g. passwords, personal data, location, error logs, etc.).
2.
3.

Open Web Application Security Project. An article from Wikipedia, the free encyclopedia.

Open Web Application Security Project

The Open Web Application Security Project (OWASP) is an online community working on web application security. Its philosophy is to be both free and open to all. Its purpose is to publish web security recommendations and to offer internet users, administrators and companies reference methods and tools for assessing the security level of their web applications.

The OWASP Foundation has been a registered 501(c)(3) charitable organization in the United States since 2004 and has been registered in Europe since June 2011 as a non-profit organization that supports OWASP infrastructure and projects. OWASP is today recognized in the information systems security community for its work and recommendations relating to web applications.

History

OWASP was created by Mark Curphey on 9 September 2001.

Projects

Category:OWASP Top Ten Project. Top 10 2017.

OWASP - Top 10 Vulnerabilities in web applications (updated for 2018)

Introduction · OWASP Cheat Sheet Series.

Password Storage · OWASP Cheat Sheet Series. Media covers the theft of large collections of passwords on an almost daily basis.

Password Storage · OWASP Cheat Sheet Series

Media coverage of password theft discloses the password storage scheme, the weakness of that scheme, and often discloses a large population of compromised credentials that can affect multiple web sites or other applications. This article provides guidance on properly storing passwords, secret question responses, and similar credential information. Proper storage helps prevent theft, compromise, and malicious use of credentials. Information systems store passwords and other credentials in a variety of protected forms.

Common vulnerabilities allow the theft of protected passwords through attack vectors such as SQL Injection. Specific guidance herein protects against stored credential theft, but the bulk of the guidance aims to prevent credential compromise. Do not limit the character set, and set long maximum lengths for credentials; a reasonable upper limit on password length is 160. Hash the password as one of several steps.

OWASP ZAP Intro (Online) ZAP in Ten.

ZAP in Ten

Becoming a hacker in 10 minutes - Paul Molin - WEB2DAY 2017.

Juice Shop. OWASP Juice Shop is probably the most modern and sophisticated insecure web application!

Juice Shop

It can be used in security trainings, awareness demos, CTFs and as a guinea pig for security tools! Juice Shop encompasses vulnerabilities from the entire OWASP Top Ten along with many other security flaws found in real-world applications!

Description

Juice Shop is written in Node.js, Express and Angular. It was the first application written entirely in JavaScript listed in the OWASP VWA Directory.

The application contains a vast number of hacking challenges of varying difficulty where the user is supposed to exploit the underlying vulnerabilities. Apart from the hacker and awareness training use case, pentesting proxies or security scanners can use Juice Shop as a "guinea pig" application to check how well their tools cope with JavaScript-heavy application frontends and REST APIs.