Securing the Web

This session focuses on building Web Security Awareness. Its helps the attendees to build their web applications more securely using Web Security Tools. With the help of web security tools, People can attack their own designed Web applications and check for the vulnerabilities in their applications and code it more securely.

For an instance, Assume a coder created Login page, He/She can use ZAP (Mozilla Security Automation Project) to attack his/her Login page and sort out the ways to trace out the flaws. In this way ZAP gives the coder chance to build their Web Application more securely. (Though its only one of the many features of ZAP).

Session Plan: [Talk duration: 30min]

-> Importance of Web Security - 5min

-> Discussing OWASP Top 10 vulnerabilities [Each vulnerability will take 1min for discussion] - 10min

-> Discussing on available open source security tools such as OWASP ZAP, Vega Scanner, Open VAS, Nikto and Uniscan. [5 tools X 1min] - 5min

-> Live Demo [Scanning vulnerable web application to detect vulnerabilities and various other features of the ZAP] - 5min

-> QA - 5min

Outcome:

This session would be able to show path for the attendees how he/she can contribute to Open Web in Security Aspects. The participant can be able to learn following areas:

→ Participant will grasp detailed knowledge on how a web application functions on browser and how they can detect vulnerabilities. (By learning from OWASP Top ten vulnerabilities )

→ Solving vulnerabilities.

→ Contributing to open source security tools.

→ Working on bugs related to vulnerabilities issues.

→ Start contributing to ZAP or other open source security projects in both tech/non-tech aspects.