Enterprise Security for OWASP top 10 Workshop

Wednesday, 3:15 PM EST - SUNSET

Understanding the OWASP Top Ten will give your application development team a clear vision of how to find security flaws. We will focus on identifying the weaknesses and on enabling the architect or developer to come up with a robust design.
We will explore the Top Ten vulnerabilities, including:
• SQL injection
• Session management
• Cross-Site Scripting (XSS)
• Cross-Site Request Forgery (CSRF)
• Security misconfigurations

We will use Kali Linux to understand the Top 10 vulnerabilities using the Metasploitable applications. At the end, we will see how OpenVAS can help in scanning the application for vulnerabilities.

Workshop Requirements

This session is a workshop. Please come prepared.

Install Kali Linux
http://docs.kali.org/general-use/kali-linux-virtual-box-guest
To reset the install from the terminal:
apt-get update
apt-get upgrade -y
apt-get dist-upgrade -y
reboot

Install Metasploitable
https://sourceforge.net/projects/metasploitable/
Installing on virtual box:
http://www.hacking-tutorial.com/tips-and-trick/install-metasploitable-on-virtual-box/#sthash.Tdh0WG8j.dpbs

Install the OpenVAS vulnerability scanning tool
https://www.kali.org/penetration-testing/openvas-vulnerability-scanning/

Useful packages to install from the terminal:
apt-get install preload
apt-get install bleachbit
apt-get install bum
apt-get install gnome-do
apt-get install apt-file
apt-get install scrub
apt-get install shutter
apt-get install figlet
apt-get install metagoofil
apt-get install whois
apt-get install dmitry
apt-get install recon-ng
apt-get install theharvester
apt-get install httrack

About Rohit Bhardwaj

Rohit Bhardwaj is a Director of Architecture working at Salesforce. Rohit has extensive experience architecting multi-tenant cloud-native solutions in Resilient Microservices Service-Oriented architectures using AWS Stack. In addition, Rohit has a proven ability in designing solutions and executing and delivering transformational programs that reduce costs and increase efficiencies.

As a trusted advisor, leader, and collaborator, Rohit applies problem resolution, analytical, and operational skills to all initiatives and develops strategic requirements and solution analysis through all stages of the project life cycle and product readiness to execution.
Rohit excels in designing scalable cloud microservice architectures with Spring Boot and Netflix OSS technologies on AWS and Google clouds. As a Security Ninja, Rohit looks for ways to resolve application security vulnerabilities using ethical hacking and threat modeling. Rohit is excited about architecting cloud technologies using Docker, Redis, NGINX, RightScale, RabbitMQ, Apigee, Azul Zing, Actuate BIRT reporting, Chef, Splunk, Rest-Assured, SoapUI, Dynatrace, and EnterpriseDB. In addition, Rohit has developed lambda architecture solutions using Apache Spark, Cassandra, and Camel for real-time analytics and integration projects.

Rohit holds an MBA in Corporate Entrepreneurship from Babson College and Masters in Computer Science from Boston University and Harvard University. Rohit is a regular speaker at No Fluff Just Stuff, UberConf, RichWeb, GIDS, and other international conferences.

Rohit loves to connect on http://www.productivecloudinnovation.com, on LinkedIn at http://linkedin.com/in/rohit-bhardwaj-cloud, or on Twitter at rbhardwaj1.
