OWASP Bricks presentation from OWASP-Null combined meet at Delhi, August 2014
abhi-balakrishnan
Introduction to OWASP Bricks
Who am I?
You really don’t care
You already decided to be in the room
Before we begin
This is not
a talk about 0 day
a talk about the next big thing in info sec
a tool release
This is about
a very small OWASP project
exploits you have heard about for the last few years
an idea and platform where you can pitch in
Technology has changed our lives
2000 and 2014
              2000                2014
Computers     Rare to see         We can find them in each and every corner
Cell phones   Very rare to find   Most of us have more than one!
Internet      What? Where?        Everywhere!
As of 2014, the number of internet users worldwide = 2.92 billion
Source: http://www.statista.com/statistics/273018/number-of-internet-users-worldwide/
The Big Picture
Either you can communicate with 2.92 Billion users
Or they can communicate with you
What if 1% of 2.92 billion users try to connect to your computer?
1% of 2.92 billion = 292,000,000 users
Some may knock on your door
Closed – Fine
Not Closed – Not fine
What is OWASP Bricks?
Web application security learning platform.
Built with PHP and MySQL.
Open source and free.
‘Break the Bricks’ and learn.
Simple, clean and friendly.
Almost all levels can be solved using Mantra / ZAP.
Code can be reused to build CTFs.
Perfect for lab demos.
OWASP Mantra
Browser for penetration testing.
Cross platform.
Great UI and ready to use.
Perfect tool for manual web app security analysis.
www.getmantra.com
OWASP Zed Attack Proxy
Proxy for web application analysis.
Cross platform.
The best tool for manual/semi automated and automated web application security analysis.
owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project
Login pages
Come with security issues
Can be breached using Mantra/ZAP
File upload pages
Come with security issues
Can be breached using Mantra/ZAP
Content pages
Come with security issues
Can be breached using Mantra
Again, Why?
6 Reasons
1 - Maximum variations of common security issues
2 - Help people to learn the need for secure coding practices
3 - A test bed for analysing the performance of web application security scanners
4 - Help people learn the manual method of testing the applications
5 - Demonstrate the possibilities of various security tools and techniques
6 - Become a platform to teach web application security in a class room/lab environment.
You can
Come up with new bricks
Port OWASP Bricks to other languages
Build more vulnerable applications
Use it in demos/ classrooms
Write articles
So long and thanks for all the attention