OWASP LAPSE+ Project

OWASP LAPSE+ Project. Bruno Motta Rego bmr@attom.com.br. June 2011. Agenda. Introduction Vulnerabilities Detected Goals Hands On Case Challenges. Introduction.


OWASP LAPSE+ Project

Bruno Motta Rego

bmr@attom.com.br

June 2011

Agenda
  • Introduction
  • Vulnerabilities Detected
  • Goals
  • Hands On
  • Case
  • Challenges
Introduction
  • LAPSE+ is an Eclipse plugin that performs static code analysis to detect untrusted-data injection vulnerabilities in Java EE applications.
  • LAPSE+ is inspired by existing lightweight security auditing tools such as FlawFinder.
  • Developed by a group at Stanford University.
  • GPL Software.
Vulnerabilities Detected
  • URL Tampering
  • Cookie Poisoning
  • Parameter Tampering
  • Header Manipulation
  • Cross-site Scripting (XSS)
  • HTTP Response Splitting
  • Injections (SQL, Command, XPath, XML, LDAP)
  • Path Traversal
Goals
  • Practical Understanding
  • Challenges
LAPSE+ Installation
  • Eclipse Helios
    • http://www.eclipse.org/downloads/
  • LAPSE+ 2.8.1 plugin for Eclipse Helios.
    • http://evalues.es/downloads/owasp/LapsePlus_2.8.1.jar
LAPSE+ Configuration
  • Drag and Drop
    • Copy it into the plugins folder of the Eclipse Helios installation
LAPSE+ Steps
  • Vulnerability Source
  • Vulnerability Sink
  • Provenance Tracker
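
How the three steps relate on one small Java EE method, as an added example that is not from the original slides: a request parameter (source) flows into a query string passed to a JDBC call (sink), and tracing backward from the sink argument shows where the value came from. The class `AccountLookup`, the `accounts` table and the 64-character limit are hypothetical; the Servlet API is assumed to be on the classpath, and the code avoids Java 7 syntax to match the Java 1.6 requirement.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import javax.servlet.http.HttpServletRequest;

// Hypothetical class; table and column names are constructed for illustration.
public class AccountLookup {

    // Pattern a source-to-sink audit reports: request data reaches the query text.
    static boolean existsUnsafe(HttpServletRequest req, Connection db) throws SQLException {
        String owner = req.getParameter("owner");   // source: parameter tampering
        if (owner == null) return false;
        String trimmed = owner.trim();              // propagation: still untrusted
        String sql = "SELECT id FROM accounts WHERE owner = '" + trimmed + "'";
        Statement st = db.createStatement();
        try {
            ResultSet rs = st.executeQuery(sql);    // sink: SQL injection
            return rs.next();
        } finally {
            st.close();                             // also closes the ResultSet
        }
    }
    // Tracing backward from the sink argument: sql <- trimmed <- owner <- getParameter().

    // Corrected form: the query text is a constant, so a backward trace from it
    // ends at a string literal; the request value is only bound as a parameter.
    static boolean existsSafe(HttpServletRequest req, Connection db) throws SQLException {
        String owner = req.getParameter("owner");
        if (owner == null || owner.length() > 64) return false; // assumed column limit
        PreparedStatement ps = db.prepareStatement("SELECT id FROM accounts WHERE owner = ?");
        try {
            ps.setString(1, owner.trim());
            ResultSet rs = ps.executeQuery();
            return rs.next();
        } finally {
            ps.close();
        }
    }
}
```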
Challenges
  • Requirements
    • Eclipse Helios
    • Java 1.6 or higher
  • Support
    • Senior Management
    • Developers approve and use
  • LAPSE+ Project
    • Throughput down
Software Security Challenge

Total Cost of Development
