[Owasp-baltimore] OWASP Testing Topics?

Brad bradhscherer at gmail.com
Mon Mar 5 18:47:59 UTC 2018


Hi All,

It sounds like we have a topic and speakers (Dave and Shawn). Are there
any times in late March that you aren't available? I was thinking any
night the week of the 27th.

Thanks,

Brad
 

On 3/5/18 10:37 AM, Shawn Duffy wrote:
> Awesome.  I'd like to see that topic at the next Meetup.
>
> Also, we are coming across web application development activities that
> I would like to share with some new partners.
> My business is more IV&V during the SDLC, so a partner could benefit
> us greatly.  Let me know if you are interested.
>
> Thanks,
> Shawn
>
>
> --*
> Shawn Duffy, CISSP CSA+*
> President & Principal Security Consultant
> *Duffy Consulting Services, LLC*
> https://www.Duffyconsulting.us <http://www.duffyconsulting.us>
>
>
>
> On Mon, Mar 5, 2018 at 10:04 AM, Dave Wichers <dave.wichers at owasp.org
> <mailto:dave.wichers at owasp.org>> wrote:
>
>     I have deep experience with ZAP and have used Burp in the past,
>     but not in a while. I definitely think this would be a good topic
>     and am happy to help demo some of the ZAP stuff, if there is a
>     need.  We haven't met in a while so its time to set something up!!
>
>     -Dave
>
>
>     On Tue, Feb 27, 2018 at 7:39 PM, Chaim Sanders
>     <chaim at chaimsanders.com <mailto:chaim at chaimsanders.com>> wrote:
>
>         I think it would be best to offer insight into both zap and
>         burp equally. Whenever I teach these concepts I always cover
>         both as they each have their strong suits.
>
>         On Sat, Jan 27, 2018, 12:58 AM Alex Boese
>         <alexanderashleyboese at gmail.com
>         <mailto:alexanderashleyboese at gmail.com>> wrote:
>
>             Would it be too much to ask to leverage Burp? Burp is free
>             to use, and very cheap to license for pro use. I’d be hard
>             pressed to find a web developer who couldn’t shell out the
>             money for it at least once in their career. I believe It’s
>             also Jython based, which gives one the option to develop
>             plugins in java or python as I recall. Understandably not
>             open source, but many of the things it can do are not so
>             complex that they couldn’t be ported to an open source
>             project, if truly desired. I guess what I’m trying to
>             state is that while being a nice tool, it’s low enough to
>             the ground that you don’t really get the feeling the tool
>             is doing all the work for you.
>
>             -Alex
>
>             Sent from my iPad
>
>             On Jan 26, 2018, at 7:07 PM, Shawn Duffy
>             <Shawn at duffyconsulting.us
>             <mailto:Shawn at duffyconsulting.us>> wrote:
>
>>             Just looking for an interest level:
>>
>>             Would the group be interested in seeing some of the OWASP
>>             tools used for web application testing?
>>
>>             Perhaps some of the feature of ZAP, OWTF, or maybe just
>>             open-source tools?  
>>             What about understanding some of the vulnerabilities
>>             associated with web applications that are different that
>>             normal network traffic vulnerabilities such as XSS, SQL
>>             injection, or LFI/RFI?
>>
>>             Thanks,
>>             Shawn
>>
>>             --*
>>             Shawn Duffy, CISSP CSA+*
>>             President & Principal Security Consultant
>>             *Duffy Consulting Services, LLC*
>>             https://www.Duffyconsulting.us
>>             <http://www.duffyconsulting.us>
>>             _______________________________________________
>>             Owasp-baltimore mailing list
>>             Owasp-baltimore at lists.owasp.org
>>             <mailto:Owasp-baltimore at lists.owasp.org>
>>             https://lists.owasp.org/mailman/listinfo/owasp-baltimore
>>             <https://lists.owasp.org/mailman/listinfo/owasp-baltimore>
>             _______________________________________________
>             Owasp-baltimore mailing list
>             Owasp-baltimore at lists.owasp.org
>             <mailto:Owasp-baltimore at lists.owasp.org>
>             https://lists.owasp.org/mailman/listinfo/owasp-baltimore
>             <https://lists.owasp.org/mailman/listinfo/owasp-baltimore>
>
>
>         _______________________________________________
>         Owasp-baltimore mailing list
>         Owasp-baltimore at lists.owasp.org
>         <mailto:Owasp-baltimore at lists.owasp.org>
>         https://lists.owasp.org/mailman/listinfo/owasp-baltimore
>         <https://lists.owasp.org/mailman/listinfo/owasp-baltimore>
>
>
>
>     _______________________________________________
>     Owasp-baltimore mailing list
>     Owasp-baltimore at lists.owasp.org
>     <mailto:Owasp-baltimore at lists.owasp.org>
>     https://lists.owasp.org/mailman/listinfo/owasp-baltimore
>     <https://lists.owasp.org/mailman/listinfo/owasp-baltimore>
>
>
>
>
> _______________________________________________
> Owasp-baltimore mailing list
> Owasp-baltimore at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-baltimore

-- 
Sensitive Data? Please Encrypt: http://bit.ly/bhs_pgp
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-baltimore/attachments/20180305/989d4f39/attachment-0001.html>


More information about the Owasp-baltimore mailing list