this post was submitted on 10 Jul 2023
cybersecurity

3159 readers
6 users here now

An umbrella community for all things cybersecurity / infosec. News, research, questions, are all welcome!

Community Rules

Enjoy!

founded 1 year ago
MODERATORS
 

Weekly thread for any and all career, learning and general guidance questions. Thinking of taking a training or going for a cert? Wondering how to level up your career? Wondering what NOT to do? Got other questions? This is the time and place to ask!

[–] [email protected] 2 points 1 year ago (2 children)

I am hosting multiple services, but my application/web security knowledge is lacking. Is there a guide or framework to check for common or risky mistakes? Is there a list of things I should check every application for, or guide on how to harden hosted applications? That is a topic that I am going to tackle in the near future, and would appreciate some tips in advance.

[–] [email protected] 1 points 1 year ago (1 children)

OWASP is arguably the standard for web application assessments. They cover most of the areas and testing guidance. Burp Suite web academy offers labs that cover many web application security issues. For secure coding, you'd need to look for references aligned with your language of choice.

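An added example, not from the thread: the poster asked for a list of things to check every hosted application for, and the reply points at OWASP. One concrete, scriptable slice of that guidance is response-header hardening (HSTS, CSP, nosniff, framing, referrer policy, cookie flags, version disclosure). The checklist runner below is our own code; the two header sets are constructed for illustration and the names `check_headers`, `REQUIRED` and `VERSION_LEAKS` are ours, not OWASP's.

```python
"""Added example (not from the thread): an offline checklist for the
response-header hardening items that OWASP guidance covers. The header
sets at the bottom are constructed; names here are our own."""
from __future__ import annotations

from collections.abc import Callable


def _hsts_ok(value: str) -> bool:
    """HSTS should cover subdomains and last at least one year (31536000 s)."""
    parts = [p.strip().lower() for p in value.split(";")]
    max_age = next((p for p in parts if p.startswith("max-age=")), None)
    if max_age is None:
        return False
    try:
        seconds = int(max_age.split("=", 1)[1])
    except ValueError:
        return False
    return seconds >= 31536000 and "includesubdomains" in parts


def _csp_ok(value: str) -> bool:
    """Script sources must not include 'unsafe-inline' or a bare wildcard."""
    directives: dict[str, list[str]] = {}
    for directive in value.split(";"):
        tokens = directive.split()
        if tokens:
            directives[tokens[0].lower()] = tokens[1:]
    # script-src falls back to default-src when it is absent.
    script = directives.get("script-src", directives.get("default-src"))
    if script is None:
        return False
    sources = {s.strip("'").lower() for s in script}
    return not ({"unsafe-inline", "*"} & sources)


# (header name, predicate on its value, finding text when missing or failing)
REQUIRED: list[tuple[str, Callable[[str], bool], str]] = [
    ("strict-transport-security", _hsts_ok,
     "HSTS missing or weak (want max-age >= 31536000 and includeSubDomains)"),
    ("content-security-policy", _csp_ok,
     "CSP missing or allows inline/wildcard script"),
    ("x-content-type-options", lambda v: v.strip().lower() == "nosniff",
     "X-Content-Type-Options missing or not nosniff"),
    ("x-frame-options", lambda v: v.strip().upper() in {"DENY", "SAMEORIGIN"},
     "X-Frame-Options missing or permissive (or set CSP frame-ancestors)"),
    ("referrer-policy", lambda v: v.strip().lower() not in {"", "unsafe-url"},
     "Referrer-Policy missing or unsafe-url"),
]

# Headers whose only effect is to help fingerprint the stack.
VERSION_LEAKS = {"server", "x-powered-by"}


def _cookie_findings(set_cookie: str) -> list[str]:
    """Every cookie should carry Secure, HttpOnly and an explicit SameSite."""
    pieces = [p.strip() for p in set_cookie.split(";")]
    name = pieces[0].split("=", 1)[0]
    attrs = {p.lower() for p in pieces[1:]}
    out: list[str] = []
    if "secure" not in attrs:
        out.append(f"cookie {name} lacks Secure")
    if "httponly" not in attrs:
        out.append(f"cookie {name} lacks HttpOnly")
    if not any(a.startswith("samesite=") for a in attrs):
        out.append(f"cookie {name} lacks SameSite")
    return out


def check_headers(headers: list[tuple[str, str]]) -> list[str]:
    """Run the checklist over (name, value) pairs, the shape http.client's
    HTTPResponse.getheaders() returns. Empty result means every check passed."""
    findings: list[str] = []
    by_name: dict[str, str] = {}
    cookies: list[str] = []
    for name, value in headers:
        key = name.strip().lower()
        if key == "set-cookie":
            cookies.append(value)
        else:
            by_name[key] = value
        if key in VERSION_LEAKS:
            findings.append(f"{name} discloses software version: {value}")
    for key, ok, message in REQUIRED:
        value = by_name.get(key)
        if value is None or not ok(value):
            findings.append(message)
    for cookie in cookies:
        findings.extend(_cookie_findings(cookie))
    return findings


# Constructed sample responses: a typical default install and a hardened one.
WEAK_RESPONSE = [
    ("Server", "nginx/1.18.0"),
    ("X-Powered-By", "PHP/7.4.3"),
    ("Strict-Transport-Security", "max-age=3600"),
    ("Content-Security-Policy", "default-src 'self' 'unsafe-inline'"),
    ("Set-Cookie", "session=abc123; Path=/"),
]
HARDENED_RESPONSE = [
    ("Strict-Transport-Security", "max-age=63072000; includeSubDomains"),
    ("Content-Security-Policy",
     "default-src 'self'; script-src 'self'; frame-ancestors 'none'"),
    ("X-Content-Type-Options", "nosniff"),
    ("X-Frame-Options", "DENY"),
    ("Referrer-Policy", "strict-origin-when-cross-origin"),
    ("Set-Cookie", "session=abc123; Path=/; Secure; HttpOnly; SameSite=Lax"),
]

if __name__ == "__main__":
    for label, response in (("weak", WEAK_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        print(f"{label}: {len(check_headers(response))} finding(s)")
        for finding in check_headers(response):
            print("  -", finding)
```

Against a live service, `check_headers(resp.getheaders())` on an `http.client.HTTPResponse` runs the same list. Headers are only one item on the OWASP list; authentication, session handling, input validation and access control still need the testing guide and the labs the reply mentions.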
[–] [email protected] 1 points 1 year ago (1 children)

There's a browser extension you can use by OWASP; I think it's "Penetration Tool Kit" or PTK.

I stopped using it because it was slow (being a browser extension and all), but I do like how easy it was to use when I needed to be logged in or to get past captchas.

OWASP ZAP is good for reconnaissance scanning.

I really like Burp Suite for reverse engineering a web app. You can use the proxy to intercept HTTP packets and see what every change elicits.
