[Owasp-baltimore] OWASP Testing Topics?

Shawn Duffy Shawn at duffyconsulting.us
Mon Mar 5 15:37:51 UTC 2018


Awesome.  I'd like to see that topic at the next Meetup.

Also, we are coming across web application development activities that I
would like to share with some new partners.
My business is more IV&V during the SDLC, so a partner could benefit us
greatly.  Let me know if you are interested.

Thanks,
Shawn


--
*Shawn Duffy, CISSP CSA+*
President & Principal Security Consultant
*Duffy Consulting Services, LLC*
https://www.Duffyconsulting.us <http://www.duffyconsulting.us>



On Mon, Mar 5, 2018 at 10:04 AM, Dave Wichers <dave.wichers at owasp.org>
wrote:

> I have deep experience with ZAP and have used Burp in the past, but not in
> a while. I definitely think this would be a good topic and am happy to help
> demo some of the ZAP stuff, if there is a need.  We haven't met in a while
> so it's time to set something up!!
>
> -Dave
>
>
> On Tue, Feb 27, 2018 at 7:39 PM, Chaim Sanders <chaim at chaimsanders.com>
> wrote:
>
>> I think it would be best to offer insight into both ZAP and Burp equally.
>> Whenever I teach these concepts I always cover both as they each have their
>> strong suits.
>>
>> On Sat, Jan 27, 2018, 12:58 AM Alex Boese <alexanderashleyboese at gmail.com>
>> wrote:
>>
>>> Would it be too much to ask to leverage Burp? Burp is free to use, and
>>> very cheap to license for pro use. I’d be hard pressed to find a web
>>> developer who couldn’t shell out the money for it at least once in their
>>> career. I believe it’s also Jython based, which gives one the option to
>>> develop plugins in Java or Python as I recall. Understandably not open
>>> source, but many of the things it can do are not so complex that they
>>> couldn’t be ported to an open source project, if truly desired. I guess
>>> what I’m trying to state is that while being a nice tool, it’s low enough
>>> to the ground that you don’t really get the feeling the tool is doing all
>>> the work for you.
>>>
>>> -Alex
>>>
>>> Sent from my iPad
>>>
>>> On Jan 26, 2018, at 7:07 PM, Shawn Duffy <Shawn at duffyconsulting.us>
>>> wrote:
>>>
>>> Just looking for an interest level:
>>>
>>> Would the group be interested in seeing some of the OWASP tools used for
>>> web application testing?
>>>
>>> Perhaps some of the features of ZAP, OWTF, or maybe just open-source
>>> tools?
>>> What about understanding some of the vulnerabilities associated with web
>>> applications that are different than normal network traffic vulnerabilities
>>> such as XSS, SQL injection, or LFI/RFI?
>>>
>>> Thanks,
>>> Shawn
>>>
>>> --
>>> *Shawn Duffy, CISSP CSA+*
>>> President & Principal Security Consultant
>>> *Duffy Consulting Services, LLC*
>>> https://www.Duffyconsulting.us <http://www.duffyconsulting.us>
>>>
>>> _______________________________________________
>>> Owasp-baltimore mailing list
>>> Owasp-baltimore at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-baltimore