this post was submitted on 10 Jul 2023
cybersecurity
I am hosting multiple services, but my application/web security knowledge is lacking. Is there a guide or framework to check for common or risky mistakes? Is there a list of things I should check every application for, or a guide on how to harden hosted applications? That is a topic that I am going to tackle in the near future, and I would appreciate some tips in advance.
There's a browser extension you can use by OWASP, I think it's "Penetration Tool Kit" or PTK.
I stopped using it because it was slow (being a browser extension and all), but I do like how easy it was to use while needing to be logged in or get past CAPTCHAs.
OWASP ZAP is good for reconnaissance scanning.
I really like Burp Suite for reverse engineering a web app. You can use the proxy to intercept HTTP packets and see what every change elicits.
Thank you!
OWASP is arguably the standard for web application assessments. They cover most of the areas and testing guidance. Burp Suite Web Academy offers labs that cover many web application security issues. For secure coding, you'd need to look for references aligned with your language of choice.
Thank you!
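As an added example (not code from anyone in this thread, nor an OWASP or PortSwigger tool), here is a small Python script that turns the "list of things to check every application for" idea from the original question into a repeatable check on a captured HTTP response: it parses the headers and reports missing or weak hardening controls that OWASP guidance commonly recommends (HSTS, CSP, clickjacking protection, nosniff, Referrer-Policy, cookie flags, server version disclosure). The two responses are constructed sample inputs, and the HSTS `max-age` threshold is this example's own assumption rather than a value quoted by anyone in the thread.

```python
"""Audit a raw HTTP response for common web hardening headers.

Added example: the sample responses are constructed, and the threshold
MIN_HSTS_MAX_AGE is an assumption chosen for this script.
"""
import re

# Constructed sample responses (not captured from any real host).
WEAK_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache/2.4.41 (Ubuntu)\r\n"
    "Content-Type: text/html; charset=utf-8\r\n"
    "Set-Cookie: session=abc123; Path=/\r\n"
    "\r\n"
    "<html>...</html>"
)

HARDENED_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: nginx\r\n"
    "Content-Type: text/html; charset=utf-8\r\n"
    "Strict-Transport-Security: max-age=31536000; includeSubDomains\r\n"
    "Content-Security-Policy: default-src 'self'; frame-ancestors 'none'\r\n"
    "X-Content-Type-Options: nosniff\r\n"
    "Referrer-Policy: strict-origin-when-cross-origin\r\n"
    "Set-Cookie: session=abc123; Path=/; Secure; HttpOnly; SameSite=Lax\r\n"
    "\r\n"
    "<html>...</html>"
)

MIN_HSTS_MAX_AGE = 15552000  # assumed threshold: 180 days in seconds


def parse_headers(raw):
    """Split a raw response into (status_line, headers).

    headers maps lowercased header name -> list of values, so repeated
    headers such as Set-Cookie are all kept.
    """
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        if ":" not in line:
            continue
        name, value = line.split(":", 1)
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return lines[0], headers


def audit_response(raw):
    """Return a list of finding strings; an empty list means all checks passed."""
    _, h = parse_headers(raw)
    findings = []

    # HSTS: present and with a max-age long enough to matter.
    hsts = h.get("strict-transport-security", [""])[0]
    m = re.search(r"max-age=(\d+)", hsts)
    if not m:
        findings.append("missing Strict-Transport-Security")
    elif int(m.group(1)) < MIN_HSTS_MAX_AGE:
        findings.append("HSTS max-age below %d" % MIN_HSTS_MAX_AGE)

    # CSP: present and not undermined by unsafe-inline / unsafe-eval.
    csp = h.get("content-security-policy", [""])[0]
    if not csp:
        findings.append("missing Content-Security-Policy")
    elif "'unsafe-inline'" in csp or "'unsafe-eval'" in csp:
        findings.append("CSP permits unsafe-inline/unsafe-eval")

    # Clickjacking: either CSP frame-ancestors or X-Frame-Options.
    if "frame-ancestors" not in csp and "x-frame-options" not in h:
        findings.append("no clickjacking protection (frame-ancestors / X-Frame-Options)")

    # MIME sniffing and referrer leakage.
    if "nosniff" not in [v.lower() for v in h.get("x-content-type-options", [])]:
        findings.append("missing X-Content-Type-Options: nosniff")
    if "referrer-policy" not in h:
        findings.append("missing Referrer-Policy")

    # Version disclosure: a digit in Server usually means a version string.
    server = h.get("server", [""])[0]
    if re.search(r"\d", server):
        findings.append("Server header discloses version: " + server)

    # Cookie flags: Secure, HttpOnly and SameSite on every Set-Cookie.
    for cookie in h.get("set-cookie", []):
        name = cookie.split("=", 1)[0].strip()
        attrs = {p.strip().lower() for p in cookie.split(";")[1:]}
        if "secure" not in attrs:
            findings.append("cookie '%s' lacks Secure" % name)
        if "httponly" not in attrs:
            findings.append("cookie '%s' lacks HttpOnly" % name)
        if not any(a.startswith("samesite=") for a in attrs):
            findings.append("cookie '%s' lacks SameSite" % name)

    return findings


if __name__ == "__main__":
    for label, raw in (("weak", WEAK_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        print(label, "->", audit_response(raw) or ["no findings"])
```

The checks only look at response headers, so they complement, rather than replace, the kind of application-level testing the OWASP guidance and the Burp Suite labs mentioned above cover; feeding the script a response saved from your own intercepting proxy gives a quick, repeatable baseline for each hosted service.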