[Owasp-baltimore] OWASP Testing Topics?

Dave Wichers dave.wichers at owasp.org
Mon Mar 5 15:04:39 UTC 2018


I have deep experience with ZAP and have used Burp in the past, but not in
a while. I definitely think this would be a good topic and am happy to help
demo some of the ZAP stuff, if there is a need.  We haven't met in a while
so it's time to set something up!!

-Dave


On Tue, Feb 27, 2018 at 7:39 PM, Chaim Sanders <chaim at chaimsanders.com>
wrote:

> I think it would be best to offer insight into both ZAP and Burp equally.
> Whenever I teach these concepts I always cover both as they each have their
> strong suits.
>
> On Sat, Jan 27, 2018, 12:58 AM Alex Boese <alexanderashleyboese at gmail.com>
> wrote:
>
>> Would it be too much to ask to leverage Burp? Burp is free to use, and
>> very cheap to license for pro use. I’d be hard pressed to find a web
>> developer who couldn’t shell out the money for it at least once in their
>> career. I believe it’s also Jython based, which gives one the option to
>> develop plugins in Java or Python as I recall. Understandably not open
>> source, but many of the things it can do are not so complex that they
>> couldn’t be ported to an open source project, if truly desired. I guess
>> what I’m trying to state is that while being a nice tool, it’s low enough
>> to the ground that you don’t really get the feeling the tool is doing all
>> the work for you.
>>
>> -Alex
>>
>> Sent from my iPad
>>
>> On Jan 26, 2018, at 7:07 PM, Shawn Duffy <Shawn at duffyconsulting.us>
>> wrote:
>>
>> Just looking for an interest level:
>>
>> Would the group be interested in seeing some of the OWASP tools used for
>> web application testing?
>>
>> Perhaps some of the features of ZAP, OWTF, or maybe just open-source
>> tools?
>> What about understanding some of the vulnerabilities associated with web
>> applications that are different than normal network traffic vulnerabilities
>> such as XSS, SQL injection, or LFI/RFI?
>>
>> Thanks,
>> Shawn
>>
>> --
>> *Shawn Duffy, CISSP CSA+*
>> President & Principal Security Consultant
>> *Duffy Consulting Services, LLC*
>> https://www.Duffyconsulting.us <http://www.duffyconsulting.us>
>>
>> _______________________________________________
>> Owasp-baltimore mailing list
>> Owasp-baltimore at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-baltimore
>>
>