Thursday, March 24, 2011

OWASP Top 10 Tools and Tactics

A tool for each of the OWASP Top 10 to aid in discovering and remediating each of the Top Ten vulnerabilities!

Introduction: If you’ve spent any time defending web applications as a security analyst, or perhaps as a developer seeking to adhere to SDLC practices, you have likely utilized or referenced the OWASP Top 10. Intended first as an awareness mechanism, the Top 10 covers the most critical web application security flaws via consensus reached by a global consortium of application security experts. The OWASP Top 10 promotes managing risk via an application risk management program, in addition to awareness training, application testing, and remediation. Yet, to manage such risk as an application security practitioner or developer, an appropriate tool kit is necessary.

RISK                                                 TOOL
A1:  Injection                                       SQL Inject Me
A2:  Cross-Site Scripting (XSS)                      ZAP
A3:  Broken Authentication and Session Management    HackBar
A4:  Insecure Direct Object References               Burp
A5:  Cross-Site Request Forgery (CSRF)               Tamper Data
A6:  Security Misconfiguration                       Watobo
A7:  Insecure Cryptographic Storage                  N/A
A8:  Failure to Restrict URL Access                  Nikto/Wikto
A9:  Insufficient Transport Layer Protection         Calomel
A10: Unvalidated Redirects and Forwards              Watcher

For the full article, go to: http://resources.infosecinstitute.com/owasp-top-10-tools-and-tactics/