Securing Web by hacking!*
With the right skills, tools and software, you can protect yourself and remain secure. This session will take attendees from no knowledge of open source web security tools to a deep understanding of how to use them and their growing set of capabilities.
This session focuses on building Web Security Awareness. Its helps the attendees to build their web applications more securely using Web Security Tools. With the help of websecurity tools, People can attack their own designed Web applications and check for the vulnerabilities in their applications and code it more securely.
For an instance, Assume a coder created Login page, He can use ZAP (Mozilla Security Automation Project) to attack his Login page and sort out the ways to trace out the flaws. In this way ZAP gives the coder chance to build their Web Application more securely. (Though its only one of the many features of ZAP).
→ Introduction to WebSecurity.
→ Importance of Security Testing Phase in SDLC.
→ Discussing the OWASP Top Ten Vulnerabilities.
→ Brief introduction of open source Web application security testing tools like Burp suite, Vega Scanner, Open VAS, Nikto and Uniscan.
→ Introducing ZAP as a testing environment.
→ A live demo on testing web application using ZAP.
This session would be able to show path for the attendees how he/she can contribute to Mozilla in Security Aspects. The participant can be able to learn following areas:
→ Participant will grasp detailed knowledge on how a web application functions on browser and how he/she detect vulnerabilities. (By learning from OWASP Top ten vulnerabilities )
→ Solving vulnerabilities.
→ Contributing to open source security tools.
→ Working on bugs related to vulnerabilities issues.
→ Start contributing to ZAP in both tech/non-tech aspects.
security, pentesting, hack
As a Mozilla representative, I had organized number of events several projects of Mozilla. Check the below link to see the list of events I had organized. (https://reps.mozilla.org/u/damarla_sumanth/)
As a Mozilla Tech speaker, I had given this talk at FOSSASIA 2015
My blog: https://sumanthmoz.wordpress.com/2015/03/17/134/
Slides(Will be updated for this talk): http://www.slideshare.net/damarlasumanth1/zap-fossasia2015
Security Evangelist, Mozilla Tech Speaker from Mozilla Hyderabad community, India. Conducted series of events related to Web security.Part of Mozilla team which represented FOSSASIA 2015. Done a project for Mozilla Security team under MWoS 2014. Worked with former security developer at US NSA under OWASP Summer code sprint 2015. Invited as sponsored facilitator for Mozfest 2015 (London) and Mozilla Leadership Summit 2016 (Singapore). Invited as speaker for ITAKE Unconference 2016(Romania) and OSCAL 2016(Albania).