OWASP LAPSE+ Project

Bruno Motta Rego

[email protected]

June 2011


Agenda

  • Introduction

  • Vulnerabilities Detected

  • Goals

  • Hands On

  • Case

  • Challenges


Introduction

  • LAPSE+ is an Eclipse plugin for static code analysis that detects untrusted-data injection vulnerabilities in Java EE applications.

  • LAPSE+ is inspired by existing lightweight security auditing tools such as FlawFinder.

  • Developed by a group at Stanford University.

  • Released under the GPL.


Vulnerabilities Detected

  • URL Tampering

  • Cookie Poisoning

  • Parameter Tampering

  • Header Manipulation

  • Cross-site Scripting (XSS)

  • HTTP Response Splitting

  • Injections (SQL, Command, XPath, XML, LDAP)

  • Path Traversal


Goals

  • Practical Understanding

  • Challenges


Hands On


LAPSE+ Installation

  • Eclipse Helios

    • http://www.eclipse.org/downloads/

  • LAPSE+ 2.8.1 plugin for Eclipse Helios.

    • http://evalues.es/downloads/owasp/LapsePlus_2.8.1.jar


LAPSE+ Configuration

  • Drag and drop

    • Copy the plugin JAR into the plugins folder of the Eclipse Helios installation.


LAPSE+ Steps

  • Vulnerability Source: identifies the points where untrusted data enters the application (e.g. request parameters, cookies, headers).

  • Vulnerability Sink: identifies the points where data reaches a security-sensitive operation (e.g. a SQL query, the response output, a file path).

  • Provenance Tracker: traces backward from a sink to determine whether the data flowing into it originates from an untrusted source.
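The three steps above are the standard source / sink / taint-propagation pattern behind injection detection. As an added illustration (not part of the slides or of the LAPSE+ code base), the following Python script implements the same idea over a toy straight-line intermediate representation. The source, sink and sanitizer method names are a simplified, hypothetical subset modeled on Java EE APIs (the real LAPSE+ configuration is far larger), and the sample program is constructed to mimic a servlet. The script reports each tainted sink together with the chain of statements (the provenance) that carried the untrusted value from source to sink, and shows how a sanitizer call breaks that chain.

```python
"""Toy source/sink/provenance taint tracker over a tiny straight-line IR.

Each statement is (line, target, call, args). A source call taints its target;
an ordinary call propagates taint from any tainted argument to its target; a
sanitizer call clears it. A sink reached by a tainted argument is reported with
the provenance chain (statement lines) from the originating source to the sink.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Hypothetical, simplified method-name tables modeled on Java EE APIs.
SOURCES = {
    "getParameter": "Parameter Tampering",
    "getCookies": "Cookie Poisoning",
    "getHeader": "Header Manipulation",
    "getQueryString": "URL Tampering",
}
SINKS = {
    "executeQuery": "SQL Injection",
    "println": "Cross-site Scripting (XSS)",
    "setHeader": "HTTP Response Splitting",
    "FileInputStream": "Path Traversal",
    "exec": "Command Injection",
}
SANITIZERS = {"escapeHtml", "encodeForSQL"}  # made-up names for the example


@dataclass
class Stmt:
    line: int
    target: Optional[str]    # variable assigned, None for a bare call
    call: str                # method name
    args: Tuple[str, ...]    # argument names; string literals start with '"'


@dataclass
class Finding:
    category: str
    source_line: int
    sink_line: int
    provenance: List[int]    # statement lines from source to sink, in order


def analyze(program: List[Stmt]) -> List[Finding]:
    # variable -> (line of its source, provenance chain so far) while tainted
    tainted: Dict[str, Tuple[int, List[int]]] = {}
    findings: List[Finding] = []
    for s in program:
        tainted_args = [a for a in s.args if a in tainted]
        # Sink step: report if any argument carries untrusted data.
        if s.call in SINKS and tainted_args:
            src_line, chain = tainted[tainted_args[0]]
            findings.append(Finding(SINKS[s.call], src_line, s.line, chain + [s.line]))
        if s.target is None:
            continue
        # Source step: the assigned variable now holds untrusted data.
        if s.call in SOURCES:
            tainted[s.target] = (s.line, [s.line])
        # A sanitizer's result, or a sink's return value, is not tracked.
        elif s.call in SANITIZERS or s.call in SINKS:
            tainted.pop(s.target, None)
        # Propagation step: taint flows through ordinary calls/concatenation.
        elif tainted_args:
            src_line, chain = tainted[tainted_args[0]]
            tainted[s.target] = (src_line, chain + [s.line])
        else:
            tainted.pop(s.target, None)  # reassigned from trusted data
    return findings


# Constructed sample program mimicking a servlet's doGet body.
PROGRAM = [
    Stmt(10, "id", "getParameter", ("request", '"id"')),
    Stmt(11, "name", "getParameter", ("request", '"name"')),
    Stmt(12, "q", "concat", ('"SELECT * FROM users WHERE id="', "id")),
    Stmt(13, "rs", "executeQuery", ("stmt", "q")),          # id -> q -> SQL sink
    Stmt(14, "safe", "escapeHtml", ("name",)),             # sanitizer clears taint
    Stmt(15, None, "println", ("out", "safe")),             # no finding
    Stmt(16, None, "println", ("out", "name")),             # raw parameter -> XSS
    Stmt(17, "ua", "getHeader", ("request", '"User-Agent"')),
    Stmt(18, None, "setHeader", ("response", '"X-Echo"', "ua")),  # header -> splitting
]


def report(findings: List[Finding]) -> List[str]:
    return [
        f"{f.category}: source at line {f.source_line}, sink at line {f.sink_line}, "
        f"provenance {' -> '.join(map(str, f.provenance))}"
        for f in findings
    ]


if __name__ == "__main__":
    for line in report(analyze(PROGRAM)):
        print(line)
```

Run as a script it prints one line per finding: the SQL injection (provenance 10 -> 12 -> 13), the XSS on the raw `name` parameter (11 -> 16) and the response-splitting flow from the `User-Agent` header (17 -> 18); the `println` of the escaped value at line 15 is not reported because the sanitizer at line 14 cut the chain. The real plugin does the same three things over Java ASTs, with a much richer model of how taint passes through method calls.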


Challenges

  • Requirements

    • Eclipse Helios

    • Java 1.6 or higher

  • Support

    • Senior Management

    • Developers approve and use

  • LAPSE+ Project

    • Throughput down


Case


Software Security Challenge

Total Cost of Development


Questions and Answers
