Its Web Security month at DC612!
In celebration of Web (in)Security, we are welcoming a special guest, Damodar Chetty. He will be talking to us about the importance of Application Security and a popular OWASP tool used to test applications, ZAP!
Web Application Vulnerability Testing with OWASP’s ZAP and Webgoat
OWASP’s ZAP is an amazingly full featured web hacking toolkit – combining an intercepting proxy with HTTPS support, spidering, as well as passive and active vulnerability scanning capabilities. It also has a great pedigree – it is a flagship project of the Open Web Application Security Project (OWASP) and started life as a fork of the Paros proxy. And the best part is that unlike its competition, ZAP is completely free! All this results in a package that provides an easy entry into the world of web application vulnerability testing. In this hour, we’ll consider how to leverage the features of this interesting tool against an intentionally vulnerable web application – OWASP’s WebGoat. In the process, we’ll also discuss some common web application vulnerabilities, including Cross Site Scripting (XSS) and Cross Site Request Forgery (CSRF).
Damodar is an educator, software engineer and life-long student who has spent the last three decades architecting and building software systems in a wide variety of technologies. He has worked for Ameriprise, Best Buy, US Bank, Thomson Reuters, Pearson Vue and the Federal Reserve Bank of Minneapolis, and is currently a Principal Architect for Wealth Management at US Bank. He is the author of “Tomcat 6 — A Developer’s Guide” and was a technical editor for the Third Edition of Core JavaServer Faces (Geary, Horstmann). He satisfies his passion for education by teaching at Metropolitan State University in St Paul and providing corporate training.
If you are planning to come to the War Driving event on 7/15, come by on the 13th to get some of your burning questions answered!
And we should probably talk about a 612 get together at DEF CON.