  • Number of slides: 19

OWASP Code Crawler
Alessio Marziali
OWASP Code Crawler Project Leader
Linksfield Technologies Ltd
Alessio. [email protected] com
06 Nov 2008

Copyright © The OWASP Foundation. Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License.

The OWASP Foundation
http://www.owasp.org

Who am I
  • 8+ years experienced Web Developer
      • Author of the following books:
          • ASP.NET. “Alla scoperta della tecnologia microsoft per lo sviluppo web”
          • ASP.NET 3.5. “I nuovi orizzonti della tecnologia Microsoft per lo sviluppo web”
      • Penetration Tester
          • Clients: Finance, Internet Service Providers, Government
          • 33+ Advisories in the last year
      • OWASP Code Crawler Project Leader
      • Web Developer at Linksfield Technologies Ltd

Where I’m working
  • High-tech consultancy and software development house
  • Headquartered in London
  • 9 years old
  • 20+ staff
  • Clients in private and public sectors
  • Microsoft Gold Certified Partner
      • Custom Development
      • Data Management
      • Business Process & Integration
      • Small Business Server
  • IBM Business Partner
  • Specialists in Business Process Automation and Systems Integration
  • Strong Financial services sector experience

OWASP Code Crawler
  • Built using Visual Studio 2008, C# 3.0
  • Lightweight and ready

What it does
  • Automated Security Code Review using
      • OWASP Code Review
          • Will

OWASP Code Review Integration

Performances and functionalities
  • Fast Scan 41000~ lines of code (~ 3 seconds to review)

Source Code Preview

Reporting
  • Users can perform automated security code review and generate well-formatted reports using

Reporting (XSLT Templates)

Team Management
  • Send Security Code Reviews by email without leaving the application.
  • Planning Code

Integrated OWASP Browser
  • Built around OWASP
      • Guides
      • Wiki
      • Tools
    Are available

Everything is XML
  • Everything (from the core to functionalities) relies on XML files as

Coding Code Crawler
  • We try to keep the code organised and easy to maintain.

The future of OWASP Code Crawler
  • OWASP Orizon Project
  • Never outdated reviews
      • Code

Live Demonstration

Q/A