Released: 8/8/2019
- Security frameworks
- OWASP Top Ten
- Building Security In Maturity Model (BSIMM)
- Planning your testing projects
- Creating security policies
- Source code reviews
- Application threat modeling
- Offline testing for OWASP Top Ten vulnerabilities
Skill Level Intermediate
- [Jerod] When testing web applications for potential security vulnerabilities, those tests fall into one of two overarching categories, offline tests and online tests. With offline testing, you won't be interacting directly with the deployed instance of your in-scope application. The key benefit is that this form of testing is generally considered safer to the application. The trade-off is that the results are more likely to be limited than those you would generate from online testing. Both types of testing have value, and you should make every effort to perform both offline and online testing of the business-critical apps in your environment. Hello, I'm Jerod Brennen. I've been working in information security long enough to have earned every gray hair in my beard, and I want to share what I've learned over the years to help you begin applying that same knowledge today. Are you ready to learn how to conduct offline application security testing? Good, let's get started.
Related Courses
- DevSecOps: Automated Security Testing, with James Wickett (1h 35m, Intermediate)
- Security Testing Essential Training, with Jerod Brennen (2h 48m, Beginner)
- Security Testing: Nmap Security Scanning, with Mike Chapple (1h 46m, Intermediate)
Introduction
- What you should know (1m 17s)

1. Leading Practices
- Security in the SDLC (3m 45s)
- Development methodologies (5m 10s)
- Programming languages (3m 19s)
- Security frameworks (6m 10s)
- Other notable OWASP projects (5m 21s)
- Top 25 Software Errors (5m 1s)
- BSIMM (6m 31s)
- Building your test lab (4m 4s)
- Preparing your checklist (3m 21s)

2. Security Documentation
- Internal project plans (5m 39s)
- Communication planning (4m 41s)
- Change control policy (5m 26s)
- Third-party agreements (7m 10s)
- OWASP ASVS (4m 16s)

3. Source Code Security Reviews
- OWASP Code Review Project (6m 42s)
- Bytecode scanners (4m 37s)
- Binary code scanners (6m 13s)
- Code review models (7m 55s)
- Application threat modeling (4m 42s)
- Code review metrics (5m 48s)
- Demo: Codacy (4m 29s)
- Demo: SonarQube (6m 33s)

4. Offline Testing for the OWASP Top Ten (2017)
- The OWASP Top Ten (3m 33s)
- A1: Injection (6m 48s)
- A2: Broken authentication (6m 51s)
- A3: Sensitive data exposure (6m 48s)
- A5: Broken access control (5m 59s)

Conclusion
- Next steps (3m 18s)
Video: The importance of offline testing