Discover and read the best of Twitter Threads about #OWASP
Most recents (4)
If you want to Learn Hacking & Penetration Testing for FREE, read this:
⁃ Metasploit Unleashed
- Free Offensive Security Metasploit course.
- The Metasploit Unleashed (MSFU) course is provided
free of charge by Offensive Security.
🔗
offensive-security.com/metasploit-unl…
- Free Offensive Security Metasploit course.
- The Metasploit Unleashed (MSFU) course is provided
free of charge by Offensive Security.
🔗
offensive-security.com/metasploit-unl…
⁃ MITRE ATT&CK®
- #MITRE's Adversarial Tactics, Techniques & Common
Knowledge (ATT&CK) - Curated knowledge base and
model for cyber adversary behavior.
🔗
attack.mitre.org/resources/gett…
- #MITRE's Adversarial Tactics, Techniques & Common
Knowledge (ATT&CK) - Curated knowledge base and
model for cyber adversary behavior.
🔗
attack.mitre.org/resources/gett…
We are just starting our session @hasgeek. @abh1sek talking about data breaches and how they happen.
hasgeek.com/rootconf/data-…
Join the live stream on the webpage.
#datasecurity
hasgeek.com/rootconf/data-…
Join the live stream on the webpage.
#datasecurity
Thank you @hasgeek for giving us this amazing platform to talk about what we love most #datasecurity #appsec
#cloudsecurity
#cloudsecurity
Agenda for the session
OWASP Mitigation : P1
Authentication and session management :
- Make usernames, passwords and authentication data case sensitive and unique for each user
#infosec #websecurity #owasp
Authentication and session management :
- Make usernames, passwords and authentication data case sensitive and unique for each user
#infosec #websecurity #owasp
Password auditing:
- Use complex password policy: upper and lower cases with special characters
- Long phrases are better to use instead of a regular complex password because they are unique and easy to remember
- Forbid the use of common passwords i.e password123
- Use complex password policy: upper and lower cases with special characters
- Long phrases are better to use instead of a regular complex password because they are unique and easy to remember
- Forbid the use of common passwords i.e password123
- Use Multifactor authentication [MFA]
- Use strong hashing algorithm such as SHA-2, bcrypt
- Limit session expiration time
- Use generic error messages for incorrect login attempts to avoid revealing information an attacker can useduring their enumeration process
- Use strong hashing algorithm such as SHA-2, bcrypt
- Limit session expiration time
- Use generic error messages for incorrect login attempts to avoid revealing information an attacker can useduring their enumeration process
@bonniea @goldsmithaaron @AllDayDevOps @nnja @oscon @MaggieFero I'd love for you to hear @appsecjosh 's experiences working with dev teams reviewing, merging, and deploying code...
@bonniea @goldsmithaaron @AllDayDevOps @nnja @oscon @MaggieFero @appsecjosh If you're interested in #automation around pull requests, I know some devs like @github 's #security vulnerability remediation #opensource
help.github.com/en/articles/co…
help.github.com/en/articles/co…
@bonniea @goldsmithaaron @AllDayDevOps @nnja @oscon @MaggieFero @appsecjosh @github For a non-dev-centric perspective, you might try
@mheusser 's How a tester can contribute to the code review process searchsoftwarequality.techtarget.com/tip/How-a-test… #testing #whitebox
@mheusser 's How a tester can contribute to the code review process searchsoftwarequality.techtarget.com/tip/How-a-test… #testing #whitebox
