With the right skills, tools and software, you can protect yourself and remain secure. This session will take attendees from no knowledge of open source web security tools to a deep understanding of how to use them and their growing set of capabilities.
This session focuses on building web security awareness. It helps attendees build their web applications more securely using web security tools. With these tools, people can attack web applications they designed themselves, check them for vulnerabilities, and code them more securely.
For instance, suppose a coder has created a login page. They can use ZAP (Mozilla Security Automation Project) to attack their own login page and trace out its flaws. In this way ZAP gives the coder a chance to build their web application more securely (though this is only one of ZAP's many features).
Session Plan:
→ Introduction to web security.
→ Importance of the security testing phase in the SDLC.
→ Discussing the OWASP Top Ten vulnerabilities.
→ Brief introduction to open source web application security testing tools such as Burp Suite, Vega Scanner, OpenVAS, Nikto and Uniscan.
→ Introducing ZAP as a testing environment.
→ A live demo of testing a web application using ZAP.
Outcome: This session will show attendees a path to contributing to Mozilla in security aspects. Participants will be able to learn the following areas:
→ Detailed knowledge of how a web application functions in the browser and how to detect vulnerabilities (by learning from the OWASP Top Ten vulnerabilities).
→ Solving vulnerabilities.
→ Contributing to open source security tools.
→ Working on bugs related to vulnerability issues.
→ Starting to contribute to ZAP in both tech and non-tech aspects.