Solved

I need to use OWASP top 10 functionality in my application in full fleged , can anybody guide me for that

Posted on 2013-01-03
6
425 Views
Last Modified: 2014-10-07
i am implementing OWASP top 10 in my application, would be highly appreciable to give proper guideline to implement it.
0
Comment
Question by:vkvinjava32
  • 2
  • 2
6 Comments
 
LVL 51

Accepted Solution

by:
ahoffmann earned 334 total points
ID: 38742289
0
 
LVL 63

Assisted Solution

by:btan
btan earned 166 total points
ID: 38742583
OWASP cheatsheet is a good and quick glimpse on what you need but importantly decide on the programming language and explore the ESAPI which has a wide list of support for that. If you into .NET, suggest you catch this eBook

http://www.troyhunt.com/2011/12/free-ebook-owasp-top-10-for-net.html

This is another quick view of overall that I liked espe for sharing with other developer (single page for each vulnerability). Note also the reference that has further more links to tap on for testing as well

https://www.owasp.org/images/0/0f/OWASP_T10_-_2010_rc1.pdf

Coming back it is not just coding, testing is critical be it Static code and Dynamic test. Like this as quick check where you are in stages of testing.

http://resources.infosecinstitute.com/owasp-top-10-tools-and-tactics/

Of course the various scanner is available out there which I recommend you see this blog
 
http://sectooladdict.blogspot.sg/2012/07/2012-web-application-scanner-benchmark.html
0
 
LVL 51

Assisted Solution

by:ahoffmann
ahoffmann earned 334 total points
ID: 38743720
> http://resources.infosecinstitute.com/owasp-top-10-tools-and-tactics/
please don't read
  *OWASP Top 10 Tools* and tactics
but
  *OWASP Top 10*: (some) tools and tactics

these tools a just for beginners to get an idea what web application security is about; depending on the goal to achieve there're more and better tools (not meaning that the listed tools are insufficient, and no offence meant)
another incomplete list
https://www.owasp.org/index.php/Phoenix/Tools

anyway, thanks for the link
0
 
LVL 63

Expert Comment

by:btan
ID: 38743743
No problem, going basic and appreciate the sharing ;) good list
0

Featured Post

Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Ransomware protection - Event Sentry and  File auditing 2 46
Top honey pots & reviews of canary 7 53
PGP software 3 36
Political Map of Europe - Wikipedia? 4 19
One of the biggest threats facing all high-value targets are APT's.  These threats include sophisticated tactics that "often starts with mapping human organization and collecting intelligence on employees, who are nowadays a weaker link than network…
Ransomware is a growing menace to anyone using a computer or mobile device. Here are answers to some common questions about this vicious new form of malware.
The viewer will learn how to dynamically set the form action using jQuery.
Any person in technology especially those working for big companies should at least know about the basics of web accessibility. Believe it or not there are even laws in place that require businesses to provide such means for the disabled and aging p…

679 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question