OWASP - AppSec USA2011.appsecusa.org/p/cheatsheets.pdf · Permission is granted to copy, distribute...

14
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP Foundation OWASP http://www.owasp.org Pure AppSec, No Fillers or Preservatives OWASP Cheat Sheet Series Michael Coates - Mozilla September, 2011 Tuesday, September 27, 2011

Transcript of OWASP - AppSec USA2011.appsecusa.org/p/cheatsheets.pdf · Permission is granted to copy, distribute...

Page 1: OWASP - AppSec USA2011.appsecusa.org/p/cheatsheets.pdf · Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. ... TransportLayer#Protec.on#CheatSheet

Copyright © The OWASP FoundationPermission is granted to copy, distribute and/or modify this document under the terms of the OWASP License.

The OWASP Foundation

OWASP

http://www.owasp.org

Pure AppSec, No Fillers or Preservatives OWASP Cheat Sheet Series

Michael Coates - Mozilla

September, 2011

Tuesday, September 27, 2011

http://www.appsecusa.org/talks.html#cheatsheets
http://www.appsecusa.org/talks.html#cheatsheets
http://www.appsecusa.org/talks.html#cheatsheets
http://www.appsecusa.org/talks.html#cheatsheets
Page 2: OWASP - AppSec USA2011.appsecusa.org/p/cheatsheets.pdf · Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. ... TransportLayer#Protec.on#CheatSheet

OWASP 2

Compact

http://www.flickr.com/photos/eprater/6043906778

Tuesday, September 27, 2011

http://www.flickr.com/photos/eprater/6043906778
http://www.flickr.com/photos/eprater/6043906778
Page 3: OWASP - AppSec USA2011.appsecusa.org/p/cheatsheets.pdf · Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. ... TransportLayer#Protec.on#CheatSheet

OWASP 3

Comprehensive

http://www.flickr.com/photos/southbeachcars/5394835890

Tuesday, September 27, 2011

http://www.flickr.com/photos/southbeachcars/5394835890
http://www.flickr.com/photos/southbeachcars/5394835890
Page 4: OWASP - AppSec USA2011.appsecusa.org/p/cheatsheets.pdf · Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. ... TransportLayer#Protec.on#CheatSheet

OWASP 4

Correct

http://www.flickr.com/photos/behdad/526904677

Tuesday, September 27, 2011

http://www.flickr.com/photos/southbeachcars/5394835890
http://www.flickr.com/photos/southbeachcars/5394835890
Page 5: OWASP - AppSec USA2011.appsecusa.org/p/cheatsheets.pdf · Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. ... TransportLayer#Protec.on#CheatSheet

OWASP

The Cheat Sheets

5

Tuesday, September 27, 2011

Page 6: OWASP - AppSec USA2011.appsecusa.org/p/cheatsheets.pdf · Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. ... TransportLayer#Protec.on#CheatSheet

OWASP

The Authors

Abraham KangAchim Hoffmann Chris SchmidtDave Ferguson Dave Wichers David Rook Edwardo Alberto Vela NavaEoin KearyEric Sheridan Erlend OftedalFred Donovan Gareth HeyesJeff Williams Jeremy Long

Jim Manico John StevenKevin Kenan Kevin Wall Lenny ZeltserMario HeiderichMichael Boberski Michael Coates Mike SamuelPaul Petefish Raul Siles Robert HansenStefano Di PaolaTyler Reguly

6

Tuesday, September 27, 2011

Page 7: OWASP - AppSec USA2011.appsecusa.org/p/cheatsheets.pdf · Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. ... TransportLayer#Protec.on#CheatSheet

OWASP

Most Visited Cheat Sheets

7

XSS  (Cross  Site  Scrip.ng)  Preven.on  Cheat  Sheet  ..........................354,208

SQL  Injec.on  Preven.on  Cheat  Sheet  .............................................180,011

Cross-­‐Site  Request  Forgery  (CSRF)  Preven.on  Cheat  Sheet  .............78,086

Transport  Layer  Protec.on  Cheat  Sheet  ...........................................46,343

Authen.ca.on  Cheat  Sheet  ..............................................................28,074

Total Cheat Sheet Views : 740,000

Tuesday, September 27, 2011

Page 8: OWASP - AppSec USA2011.appsecusa.org/p/cheatsheets.pdf · Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. ... TransportLayer#Protec.on#CheatSheet

OWASP 8

Tuesday, September 27, 2011

Page 9: OWASP - AppSec USA2011.appsecusa.org/p/cheatsheets.pdf · Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. ... TransportLayer#Protec.on#CheatSheet

OWASP 9

Tuesday, September 27, 2011

Page 10: OWASP - AppSec USA2011.appsecusa.org/p/cheatsheets.pdf · Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. ... TransportLayer#Protec.on#CheatSheet

OWASP 10

Tuesday, September 27, 2011

Page 11: OWASP - AppSec USA2011.appsecusa.org/p/cheatsheets.pdf · Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. ... TransportLayer#Protec.on#CheatSheet

OWASP 11

Tuesday, September 27, 2011

Page 12: OWASP - AppSec USA2011.appsecusa.org/p/cheatsheets.pdf · Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. ... TransportLayer#Protec.on#CheatSheet

OWASP 12

Tuesday, September 27, 2011

Page 13: OWASP - AppSec USA2011.appsecusa.org/p/cheatsheets.pdf · Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. ... TransportLayer#Protec.on#CheatSheet

OWASP

What’s Next?

Cheat sheet updatesSingle cheat sheet downloadCheat sheet book

13

Tuesday, September 27, 2011

Page 14: OWASP - AppSec USA2011.appsecusa.org/p/cheatsheets.pdf · Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. ... TransportLayer#Protec.on#CheatSheet

OWASP

Questions?

14

Tuesday, September 27, 2011


What is OWASP OWASP Live CD Live Demo

What is OWASP OWASP Live CD Live Demo

OWASP – Top 10 · • OWASP Code Review Guide • OWASP Testing Guide • OWASP Top Ten Project . OWASP – TOP 10 • OWASP Top 10 Web Application Security Risks for 2010 are:

OWASP – Top 10 · • OWASP Code Review Guide • OWASP Testing Guide • OWASP Top Ten Project . OWASP – TOP 10 • OWASP Top 10 Web Application Security Risks for 2010 are:

FindingClusteringConfigurationstoAccurately ... · FindingClusteringConfigurationstoAccurately InferPacketStructuresfromNetworkData ... transportlayer ,networklayer and ... rd Annual

FindingClusteringConfigurationstoAccurately ... · FindingClusteringConfigurationstoAccurately InferPacketStructuresfromNetworkData ... transportlayer ,networklayer and ... rd Annual

Simplifying Threat Modeling - OWASP2011.appsecusa.org/p/simplifyingthreatmodeling.pdf · Simplifying Threat Modeling Mike Ware Cigital, Inc. 1.703.404.9293, x1251 9/23/2011. OWASP

Simplifying Threat Modeling - OWASP2011.appsecusa.org/p/simplifyingthreatmodeling.pdf · Simplifying Threat Modeling Mike Ware Cigital, Inc. 1.703.404.9293, x1251 9/23/2011. OWASP

OWASP Guadalajara owasp/index.php/Guadalajara

OWASP Guadalajara owasp/index.php/Guadalajara

Owasp tools - OWASP Serbia

Owasp tools - OWASP Serbia

Owasp Mosc2010 - Tour of Owasp Projects

Owasp Mosc2010 - Tour of Owasp Projects

Intel® Authenticate – Integration Guide for GPO€¦ · document. ... TransportLayer Security TransportLayerSecurity(TLS)mustbeenabled.NETFramework TheFactorManagementapplicationrequires.NETFrameworkversion4.5.2or

Intel® Authenticate – Integration Guide for GPO€¦ · document. ... TransportLayer Security TransportLayerSecurity(TLS)mustbeenabled.NETFramework TheFactorManagementapplicationrequires.NETFrameworkversion4.5.2or

OWASP Toronto - OWASP Foundation | Open Source Foundation ...

OWASP Toronto - OWASP Foundation | Open Source Foundation ...

Transportlayer)and)UDP) · Chapter)3)outline) 3.1)Transportlayer) services 3.2)Mul:plexing)and) demulplexing ) 3.3Conneconless transport:)UDP) 3.4)Principles)of)reliable) datatransfer)

Transportlayer)and)UDP) · Chapter)3)outline) 3.1)Transportlayer) services 3.2)Mul:plexing)and) demulplexing ) 3.3Conneconless transport:)UDP) 3.4)Principles)of)reliable) datatransfer)

OWASP The OWASP Foundation

OWASP The OWASP Foundation

Chapter 3 TransportLayer

Chapter 3 TransportLayer

OWASP Belgium Chapter Meeting - Brussels - 8 May 2006 - 1 OWASP Update - Open … · 2006/5/8  · OWASP 8 OWASP?

OWASP Belgium Chapter Meeting - Brussels - 8 May 2006 - 1 OWASP Update - Open … · 2006/5/8  · OWASP 8 OWASP?

DataStorageManagementinCloudEnvironments: … · DataStorageManagementinCloudEnvironments: Taxonomy,Survey,andFutureDirections ... Document-based ... •Transportlayer ...

DataStorageManagementinCloudEnvironments: … · DataStorageManagementinCloudEnvironments: Taxonomy,Survey,andFutureDirections ... Document-based ... •Transportlayer ...

Review OWASP 2014 - OWASP Perú

Review OWASP 2014 - OWASP Perú

New Privacy in Android 11 and OWASP Mobile Security · 2020. 8. 21. · OWASP Flagship Projects Tool Projects OWASP Amass OWASP CSRFGuard OWASP Defectdojo OWASP Dependency-Check OWASP

New Privacy in Android 11 and OWASP Mobile Security · 2020. 8. 21. · OWASP Flagship Projects Tool Projects OWASP Amass OWASP CSRFGuard OWASP Defectdojo OWASP Dependency-Check OWASP

Cis81 E1 4 TransportLayer Rick

Cis81 E1 4 TransportLayer Rick

ng-owasp: OWASP Top 10 for AngularJS Applications

ng-owasp: OWASP Top 10 for AngularJS Applications

OWASP @ ISCTE-IUL - OWASP Top 10 (v2010)

OWASP @ ISCTE-IUL - OWASP Top 10 (v2010)

Proactive Web Application Defenses. Jim Manico @manicode – OWASP Volunteer Global OWASP Board Member Global OWASP Board Member OWASP Cheat-Sheet Series.

Proactive Web Application Defenses. Jim Manico @manicode – OWASP Volunteer Global OWASP Board Member Global OWASP Board Member OWASP Cheat-Sheet Series.