Java Web Application Security The Series Begins Joseph Konieczka Sales Engineer BrixBits

BrixBits Java Web Application Security Webinar - The Series Begins

Webinar series format

• Polling questions to help frame the conversation

• Discussion of topic

• Examples and walkthrough

• Homework assignment

Today’s Agenda

• High level overview of the series

• Testing VM Setup

• Introduction to Burp Suite, OWASP ZAP, and WebGoat

Security Powerup!

Assess vulnerabilities!

Navigating the security swamp

OWASP

• Open Web Application Security Project (OWASP) – https://www.owasp.org/index.php/Main_Page

• Top 10 Project – https://www.owasp.org/index.php/Top_10

• Cheat Sheets – https://www.owasp.org/index.php/Cheat_Sheets

• Application Security Verification Standard Project – https://www.owasp.org/index.php/Category:OWASP_Application_Security_Verification_Standard_Project

• Testing Guide – https://www.owasp.org/index.php/OWASP_Testing_Guide_v4_Table_of_Contents

Critical components can break.

Vulnerable Web Applications

• WebGoat – https://www.owasp.org/index.php/Category:OWASP_WebGoat_Project

• The BodgeIt Store – https://github.com/psiinon/bodgeit

• Security Shepherd – https://www.owasp.org/index.php/OWASP_Security_Shepherd

• Directory – https://www.owasp.org/index.php/OWASP_Vulnerable_Web_Applications_Directory_Project/Pages/Offline

Homework

• Set up a test environment

• Download the OWASP guidance documents

• Attend your local OWASP chapter meeting

• Attend your local Java Users Group meeting

• Sign up for next week’s webinar

YouTube Tutorials

• OWASP ZAP Tutorial Videos

– https://www.youtube.com/playlist?list=PLEBitBW-Hlsv8cEIUntAO8st2UGhmrjUB

• OWASP Appsec Tutorial Series

– https://www.youtube.com/channel/UC5xIEA6L0C2IG3iWgs8M2cA

• Many, many others

http://brixbits.com/

http://brixbits.com/request-a-demo/