Discover and read the best of Twitter Threads about #OWASP

Most recents (4)

If you want to Learn Hacking & Penetration Testing for FREE, read this:
⁃ Metasploit Unleashed

- Free Offensive Security Metasploit course.
- The Metasploit Unleashed (MSFU) course is provided
free of charge by Offensive Security.

🔗
offensive-security.com/metasploit-unl…
⁃ MITRE ATT&CK®

- #MITRE's Adversarial Tactics, Techniques & Common
Knowledge (ATT&CK) - Curated knowledge base and
model for cyber adversary behavior.

🔗
attack.mitre.org/resources/gett…
Read 8 tweets
We are just starting our session @hasgeek. @abh1sek talking about data breaches and how they happen.

hasgeek.com/rootconf/data-…

Join the live stream on the webpage.

#datasecurity
Thank you @hasgeek for giving us this amazing platform to talk about what we love most #datasecurity #appsec
#cloudsecurity
Agenda for the session
Read 29 tweets
OWASP Mitigation : P1
Authentication and session management :
- Make usernames, passwords and authentication data case sensitive and unique for each user
#infosec #websecurity #owasp
Password auditing:
- Use a complex password policy: upper and lower cases with special characters
- Long phrases are better to use instead of a regular complex password because they are unique and easy to remember
- Forbid the use of common passwords i.e. password123
- Use Multifactor authentication [MFA]
- Use a strong hashing algorithm such as SHA-2, bcrypt
- Limit session expiration time
- Use generic error messages for incorrect login attempts to avoid revealing information an attacker can use during their enumeration process
Read 5 tweets
@bonniea @goldsmithaaron @AllDayDevOps @nnja @oscon @MaggieFero I'd love for you to hear @appsecjosh 's experiences working with dev teams reviewing, merging, and deploying code...
@bonniea @goldsmithaaron @AllDayDevOps @nnja @oscon @MaggieFero @appsecjosh If you're interested in #automation around pull requests, I know some devs like @github 's #security vulnerability remediation #opensource
help.github.com/en/articles/co…
@bonniea @goldsmithaaron @AllDayDevOps @nnja @oscon @MaggieFero @appsecjosh @github For a non-dev-centric perspective, you might try
@mheusser 's How a tester can contribute to the code review process searchsoftwarequality.techtarget.com/tip/How-a-test… #testing #whitebox
Read 15 tweets
