
OWASP Web Testing Methodology


Formal Metadata

Title
OWASP Web Testing Methodology
Title of Series
Number of Parts
70
Author
License
CC Attribution 2.0 Belgium:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.
Identifiers
Publisher
Release Date
Language

Content Metadata

Subject Area
Genre
Abstract
The goal of the talk is to show the OWASP testing methodology and how you can implement a software development lifecycle that permits the development of more secure applications. The Open Web Application Security Project (OWASP) wants to deliver free tools and documentation for web application security. The talk will present the new OWASP Testing Guide v3, which includes a "best practice" penetration testing framework that users can implement in their own organizations and a "low level" penetration testing guide that describes techniques for testing the most common web application and web service security issues. OWASP Testing Guide v3 is a 349-page book; we have split the set of active tests into 9 sub-categories for a total of 66 controls to test during the Web Application Testing activity. FOSDEM (Free and Open Source Development European Meeting) is a European event centered around Free and Open Source software development. It is aimed at developers and all interested in the Free and Open Source news in the world. Its goals are to enable developers to meet and to promote the awareness and use of free and open source software.