logo
ArticlesConferencesPresentations
Dates
Author
Conferences
Tags

Sort by:  

Automated Security Testing with OWASP Nettacker

Conference:  Global AppSec Dublin 2023
Authors: Sam Stepanyan
2023-02-16

tldr - powered by Generative AI

Nettacker: An Automated Penetration Testing Framework
  • Nettacker is a free and open-source automated reconnaissance and penetration testing tool
  • It can scan networks for vulnerabilities, discover expired SSL certificates, and find subdomains hosting vulnerable versions of content management systems
  • Nettacker can be used by both attackers and defenders, and has been helpful for bug bounty research
  • The tool uses YAML modules and is written in Python
  • Nettacker can be automated using GitHub actions and Docker containers
  • Automated scans can be scheduled to run regularly and generate reports as artifacts
Tags:
OWASP Nettacker
python
penetration testing
Linux
security testing

Feedback loop in DevSecOps - mature security process and dev cooperation

Conference:  OWASP 20th Anniversary Event
Authors: Daniel Krasnokucki
2021-09-24
Abstract:Having Security testing in the pipeline is getting more and more popular, I would say it is becoming a standard! But what we are doing with findings? What are we automating and how are using the automation?The presentation will cover security-as-a-code practices to integrate security testing into the CI and CD pipelines, but in addition - I will discuss the part of the testing that cannot be automated, which is penetration testing. How do you connect it with your automation testing and what is the role of penetration testing in monitoring? I will show how it affects next round of the process and what the process should look like.During the presentation I will discuss real use cases from different pipelines and security tools, showing pros and cons, advantages and challenges. Demo will include GitHub Actions and open-source tools like OWASP ZAP and examples will be provided with pipeline-as-a-code and security-as-a-code. Real life use cases and examples with step-by-step instruction how the development process in mature state of DevSecOps should look like.
Tags:
security testing
automation
penetration testing
DevSecOps
Github Actions

Creating an IoT-connected Mobile App Compliance Program Leveraging OWASP MASVS

Conference:  OWASP 20th Anniversary Event
Authors: Brian Reed
2021-09-24

tldr - powered by Generative AI

The presentation discusses the creation of a certification and testing regime for IoT connected mobile apps and VPNs using the 20 years of history and documentation of OWASP.
  • Mobile apps dominate usage in the market and have security vulnerabilities.
  • The OAuth Mobile Project was created to address mobile app security issues.
  • The prevalence of insecure data storage and network connections in mobile apps is similar to cross-site scripting in web apps.
  • The IOXT organization created a standard for certifying the security of IoT devices and expanded to include mobile connected apps.
  • The 20 years of history and documentation of OWASP were used to create a certification and testing regime for IoT connected mobile apps and VPNs.
  • The speaker's company is a financial sponsor of the OAuth Mobile Project and participates in creating tools and standards for mobile app security.
Tags:
IoT
Mobile App Security
OWASP MASVS
Certification
security testing