We're sorry but this page doesn't work properly without JavaScript enabled. Please enable it to continue.
Feedback

OWASP Web Testing Methodology

00:00
subtitles
off
playback rate
1
subtitles
off
English (auto-generated)
playback rate
0.25
0.5
0.75
1
1.25
1.5
1.75
2
quality
576p
1
 Cite
 Share
 Download Purchase
Logo of FOSDEM VZWFOSDEM VZW
 Meucci, Matteo

Formal Metadata

Title
OWASP Web Testing Methodology
Title of Series
Number of Parts
70
Author
License
CC Attribution 2.0 Belgium:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.
Identifiers
Publisher
Release Date
Language

Content Metadata

Subject Area
Genre
Abstract
The speech goal is to show the OWASP testing methodology and how you can implement a software development lifecycle that permit to develop more secure applications. The Open Web Application Security Project (OWASP) wants to deliver free tools and documentation for the Web Application Security. The talk will present the new OWASP Testing Guide v3 that includes a "best practice" penetration testing framework which users can implement in their own organizations and a "low level" penetration testing guide that describes techniques for testing most common web application and web service security issues. OWASP Testing Guide v3 is a 349 page book; we have split the set of active tests in 9 sub-categories for a total of 66 controls to test during the Web Application Testing activity. FOSDEM (Free and Open Source Development European Meeting) is a European event centered around Free and Open Source software development. It is aimed at developers and all interested in the Free and Open Source news in the world. Its goals are to enable developers to meet and to promote the awareness and use of free and open source software.
00:00
Statistical hypothesis testingGoodness of fitWeb 2.0Web applicationTotal S.A.Information securitySoftwareStatistical hypothesis testingCartesian coordinate systemVulnerability (computing)WikiContent (media)BuildingAreaCodeOpen sourceProjective planeSoftware developerSoftware frameworkMathematical analysisFormal verificationCore dumpVirtual machineClient (computing)Server (computing)Multiplication signUniverse (mathematics)WordProxy serverCausalityOpen setValidity (statistics)Object (grammar)Cross-site scriptingConfidence intervalCondition numberData miningWave packetProcess (computing)QuicksortPrice indexTerm (mathematics)MereologyPublic key certificateWebsiteBeat (acoustics)Dependent and independent variablesGodXMLComputer animationLecture/Conference
06:11
MathematicsMaß <Mathematik>Group actionStatistical hypothesis testingComplex (psychology)Web applicationCartesian coordinate systemRevision controlExpert systemSubject indexingBeta functionTemplate (C++)WikiFile formatProbability density functionSystem callAuthorizationInjektivitätInformation securityWebsiteCore dumpTraffic reportingVulnerability (computing)ResultantLevel (video gaming)Vector spaceEndliche ModelltheorieDifferent (Kate Ryan album)Group actionPlanningProjective planeLetterpress printingWeb pageForm (programming)Configuration managementSequelCausalityPoint (geometry)Category of beingAdditionPhysical lawMixed realityNetwork topologyMotion captureBitVotingMenu (computing)Machine visionDivision (mathematics)Video game consoleOpen sourceSpring (hydrology)LiquidRight angleGame theoryUsabilityLecture/Conference
12:14
AuthorizationStatistical hypothesis testingSubject indexingConfiguration managementReal numberMechanism designInformationWebsiteCategory of beingSequelOracleInjektivitätFunction (mathematics)Bus (computing)Dot productSoftware frameworkAdditionGroup actionFrame problemNumberValuation (algebra)State of matterWeb serviceCurveVideoconferencingOrder (biology)PasswordWeb browserForm (programming)ImplementationCommunications protocolData managementTwitterCartesian coordinate systemSampling (statistics)Vulnerability (computing)Point (geometry)UsabilityDependent and independent variablesSystem administratorAuthenticationResultantBitCross-site scriptingIP addressWeightProbability density functionValidity (statistics)Query languageServer (computing)Integrated development environmentMereologySoftwareGame controllerWeb applicationEnumerated typeFlash memoryLecture/Conference
17:38
Punched cardGamma functionStatistical hypothesis testingCartesian coordinate systemCodeCuboidCollaborationismWeb applicationMultiplication signFunctional (mathematics)Black boxIP addressCross-site scriptingSource codeSubject indexingProcess (computing)Vulnerability (computing)Template (C++)Power (physics)Open sourceResultantLecture/Conference
19:57
Network topologyInformationGraph (mathematics)Scripting languageTouch typingProcess (computing)Smith chartRight angleBlack boxWeb browserView (database)TouchscreenPower (physics)Cartesian coordinate systemWeb 2.0Vector spaceValidity (statistics)Cross-site scriptingFunction (mathematics)Web applicationStatistical hypothesis testingInformation securityoutputLecture/Conference
21:46
InformationBeta functionData managementConfiguration spaceStatistical hypothesis testingFunction (mathematics)Normed vector spaceStatistical hypothesis testingChromosomal crossoverStatistical hypothesis testingCartesian coordinate systemAttribute grammarDirectory serviceTable (information)MetreDependent and independent variablesData managementOperator (mathematics)Point (geometry)Set (mathematics)Right angleSequelWeb browserArchaeological field surveyComputing platformHTTP cookieConfiguration managementDemosceneMultiplication signRow (database)Key (cryptography)InformationCuboidNumbering schemePasswordNetwork topologyPhase transitionElectric generatorInformation securityServer (computing)MereologyFingerprintGraph coloringOffice suiteState of matterTransport Layer SecurityData storage deviceWeb 2.0InjektivitätPerimeterUniqueness quantificationGreatest elementEndliche ModelltheorieAuthenticationCryptographyEncryptionInternetworkingWeb crawlerDifferent (Kate Ryan album)Web applicationForm (programming)Front and back endsWeb pageFehlererkennungValidity (statistics)RoboticsString (computer science)AlgorithmLinearizationCodeSoftware testingField (computer science)EmailBackupComputer fileDirection (geometry)LoginSystem administratorInterface (computing)Data Encryption StandardMathematical analysisError messageDatabaseRevision controlLine (geometry)Lecture/Conference
29:35
Data managementHTTP cookieFunction (mathematics)FingerprintAuthenticationWeb 2.0Group actionPasswordTelebankingHTTP cookieSpywareHeat transferCartesian coordinate systemWeb applicationLogicSoftwareÜbertragungsfunktionWeb pageMultiplication signMedical imagingLaptopIdentity managementVulnerability (computing)Error messageMechanism designWebsiteServer (computing)AuthenticationNumberInformationFunctional (mathematics)EmailWeb browserResultantStatistical hypothesis testingValidity (statistics)Variable (mathematics)CountingLinearizationCross-site scriptingElectric generatorForm (programming)Insertion lossInheritance (object-oriented programming)AreaForcing (mathematics)1 (number)UsabilityObject (grammar)TorusUniform resource locatorMeasurementOpen setPrice indexCASE <Informatik>Lecture/Conference
37:23
Proxy serverStatistical hypothesis testingAuthenticationWitt algebraInclusion mapAuthorizationWide area networkLogicMoving averageInterior (topology)Chemical equationServer (computing)AuthenticationParameter (computer programming)InformationMereologyMenu (computing)System administratorHoaxGroup actionWeb 2.0AuthorizationStatistical hypothesis testingWeb browserCartesian coordinate systemProxy serverMechanism designPoint (geometry)Wechselseitige InformationClient (computing)Cross-site scriptingError messageFunction (mathematics)Formal verificationInformation securityFile systemScripting languagePublic key certificateWeb applicationLogicReverse engineeringWebsiteProfil (magazine)HTTP cookieForcing (mathematics)MultiplicationValidity (statistics)Vulnerability (computing)Field (computer science)Greatest elementData storage deviceMessage passingFunctional (mathematics)Network topologyFlow separationWater vaporWordFile formatUsabilityMetreIdentical particlesCASE <Informatik>Cellular automatonResultantState of matterView (database)NumberArchaeological field surveyDistanceNumbering schemeINTEGRALLogic gatePhysical systemAreaLecture/Conference
45:11
Statistical hypothesis testingInjektivitätExplosionData modelSoftwareProcess capability indexInformation securityFibonacci numberWeb applicationBlack boxStatistical hypothesis testingSoftware developerGame controllerPhase transitionCodeCartesian coordinate systemWeb browserComputer fileData managementResultantVolume (thermodynamics)Traffic reportingInsertion lossInformationData structureComputer wormMachine codeInformation securityWeb 2.0Web serviceInjektivitätLikelihood functionTable (information)Category of beingSound effectVulnerability (computing)BuildingHard disk driveCuboidPoint (geometry)View (database)Software maintenanceFile systemOnline helpProcess (computing)Flash memoryStandard deviationProcess capability indexPlastikkarteNumberClient (computing)AuthorizationRevision controlChemical equationFunctional (mathematics)WebsiteBlogArithmetic meanPhysical lawWikiShared memorySelf-organizationDifferent (Kate Ryan album)Endliche ModelltheorieLine (geometry)Game theoryWater vaporOrder (biology)Open sourceSequelUniform resource locatorCycle (graph theory)Wave packetFitness functionGoogolAdditionPhysical systemUsabilityOffice suiteCausalityLecture/Conference
53:00
Lecture/ConferenceXML
Transcript: English(auto-generated)