AppSec Awareness Training - Day 3

3/29/2018 - 6:38 AM

AppSec Awareness Training - Day 3

Notes to Application Security awareness training in line with OWASP SAMM initial development team education effort according to Education and Guidance practice.

appsec_awareness_training_day3.md

Rendered
Source

Review OWASP Testing Guide concepts as a methodology basis for security testing process

https://www.owasp.org/index.php/OWASP_Testing_Project

Demonstrate penetration testing workflow

OWASP DVWA

https://github.com/ethicalhack3r/DVWA
Docker: dvwa:latest

Metasploitable3 + Metasploit Framework

https://github.com/rapid7/metasploitable3
https://github.com/rapid7/metasploit-framework

Practice: demonstrate an automated approach to security testing

Burp Suite https://portswigger.net/burp/
Nessus https://www.tenable.com/products/nessus/nessus-professional

Demonstrate code review basic concepts

OWASP DVWA source code

Cacher is the code snippet organizer for pro developers

We empower you and your team to get more done, faster

AppSec Awareness Training - Day 3

Review OWASP Testing Guide concepts as a methodology basis for security testing process

Demonstrate penetration testing workflow

Practice: demonstrate an automated approach to security testing

Demonstrate code review basic concepts