OWASP LAPSE+ Project - PowerPoint PPT Presentation


Presentation Transcript

OWASP LAPSE+ Project

Bruno Motta Rego

[email protected]

June 2011


Agenda

  • Introduction

  • Vulnerabilities Detected

  • Goals

  • Hands On

  • Case

  • Challenges


Introduction

  • LAPSE+ is an Eclipse plugin for static code analysis that detects untrusted-data injection vulnerabilities in Java EE applications.

  • LAPSE+ is inspired by existing lightweight security auditing tools such as FlawFinder.

  • Developed by a group at Stanford University.

  • GPL Software.


Vulnerabilities Detected

  • URL Tampering

  • Cookie Poisoning

  • Parameter Tampering

  • Header Manipulation

  • Cross-site Scripting (XSS)

  • HTTP Response Splitting

  • Injections (SQL, Command, XPath, XML, LDAP)

  • Path Traversal


Goals

  • Practical Understanding

  • Challenges



LAPSE+ Installation

  • Eclipse Helios

    • http://www.eclipse.org/downloads/

  • LAPSE+ 2.8.1 plugin for Eclipse Helios.

    • http://evalues.es/downloads/owasp/LapsePlus_2.8.1.jar


LAPSE+ Configuration

  • Drag and Drop

    • Copy the plugin JAR into the plugins folder of your Eclipse Helios installation


LAPSE+ Steps

  • Vulnerability Source

  • Vulnerability Sink

  • Provenance Tracker
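The three steps above describe a taint-tracking pass: LAPSE+ marks where untrusted data enters the program (a vulnerability source such as a request parameter), where it is consumed in a dangerous way (a vulnerability sink such as a SQL or HTML output call), and then walks backwards from each sink to check whether a source reaches it (the provenance tracker). As an added illustration that is not part of the slides or of the LAPSE+ project, the servlet below contains one reachable source-to-sink path for SQL injection and one for cross-site scripting, each beside a form in which the path is broken. The servlet class, the `db` connection field and the `escapeHtml` helper are assumptions made for the example; the servlet and JDBC calls are the standard Java EE and JDBC APIs.

```java
// Added example, not code from the LAPSE+ project or the presentation.
// Class, field and helper names are hypothetical; the APIs are standard.
import java.io.IOException;
import java.io.PrintWriter;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class UserLookupServlet extends HttpServlet {

    // Assumed to be injected by the container or a connection pool (hypothetical).
    private Connection db;

    // --- Path 1: SQL injection ---------------------------------------------
    // Source:   HttpServletRequest.getParameter (attacker-controlled string)
    // Sink:     Statement.executeQuery (string is interpreted as SQL)
    // Provenance: the backward slice from the sink reaches the source through
    // the local 'user' and the string concatenation, so LAPSE+ reports it.
    ResultSet lookupUnsafe(HttpServletRequest req) throws SQLException {
        String user = req.getParameter("user");                          // source
        String sql = "SELECT name FROM users WHERE login = '" + user + "'";
        Statement st = db.createStatement();
        return st.executeQuery(sql);                                     // sink
    }

    // Hardened form: the SQL text handed to the sink is a constant; the tainted
    // value is bound as a parameter, so the backward slice from executeQuery
    // never reaches getParameter through the query string.
    ResultSet lookupSafe(HttpServletRequest req) throws SQLException {
        PreparedStatement ps =
            db.prepareStatement("SELECT name FROM users WHERE login = ?");
        ps.setString(1, req.getParameter("user"));                       // bound, not concatenated
        return ps.executeQuery();
    }

    // --- Path 2: cross-site scripting -------------------------------------
    // Source:   the same request parameter
    // Sink:     PrintWriter.println on the HTTP response body
    void echoUnsafe(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        String user = req.getParameter("user");                          // source
        resp.setContentType("text/html");
        resp.getWriter().println("<p>Hello " + user + "</p>");           // sink: raw HTML
    }

    // Hardened form: the tainted value passes through an HTML encoder before
    // it reaches the sink, which is the sanitizer step the tracker looks for.
    void echoSafe(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        String user = req.getParameter("user");
        resp.setContentType("text/html");
        resp.getWriter().println("<p>Hello " + escapeHtml(user) + "</p>");
    }

    // Hypothetical minimal HTML encoder for the example; in a real project use a
    // maintained library such as the OWASP Java Encoder instead.
    static String escapeHtml(String s) {
        if (s == null) {
            return "";
        }
        StringBuilder out = new StringBuilder(s.length());
        for (char c : s.toCharArray()) {
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        // Only the hardened variants are wired to the request handler.
        echoSafe(req, resp);
        try (ResultSet rs = lookupSafe(req)) {
            PrintWriter w = resp.getWriter();
            while (rs.next()) {
                w.println("<p>" + escapeHtml(rs.getString("name")) + "</p>");
            }
        } catch (SQLException e) {
            resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
        }
    }
}
```

When LAPSE+ is run over a file like this, the Vulnerability Sources view lists the `getParameter` calls, the Vulnerability Sinks view lists `executeQuery` and `println`, and the Provenance Tracker shows, for each sink, whether the backward slice ends at a source. The two unsafe methods produce a complete source-to-sink path; in the two safe methods the slice from the sink ends at a constant string or passes through a sanitizer, which is the evidence a reviewer uses to close the finding.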


Challenges

  • Requirements

    • Eclipse Helios

    • Java 1.6 or higher

  • Support

    • Senior Management

    • Developers approve and use

  • LAPSE+ Project

    • Throughput down



Software Security Challenge

Total Cost of Development


