Posts

Showing posts with the label OWASP

Signing Requests to AWS on OWASP Zed Attack Proxy - ZAP

Hello all, I've written a Help Add-On Script for the OWASP Zed Attack Proxy to sign requests to Amazon AWS. You can check it here. Enjoy it!

An introduction to HTTP Security Headers

Hello all, it has been a while since my last post. In March this year I gave a talk at the Confraria0day conference about HTTP Security Headers. I made the slides available here. I hope it helps, and let me know if you want to discuss it.

Welcome & OWASP Testing Guide v4

Welcome. This is my first post. I'd like to share with you some of my experience and thoughts about security, mainly (but not limited to) related to web application security. Here is a place to discuss things related to penetration testing, web security, OWASP, standards, laws, code reviews etc. Feel free to drop me an email and to comment on the posts.

Well, let's talk about the new version of the OWASP Testing Guide. The OWASP Testing Guide is a framework to help people perform security testing on their applications, especially web applications. It also provides a methodology for risk assessment (e.g. how critical is an XSS flaw in your app?). The current stable version of the project is the third version, from 2008. Since 2008 a lot of things have changed in application security, like new issues, new HTTP headers and new techniques, and for sure we need a new version of this guide. Now the community is working on a new version with some improvements and new tests such as: ...