Herramientas & CTF de OWAST En este capítulo, Herramientas y CTF de OWAST, aprenderás a utilizar de forma práctica y estratégica una de las herramientas de seguridad más importantes del ecosistema OWASP: OWASP ZAP, junto con diversas tecnologías que complementan el proceso de pentesting, modelado de amenazas, automatización y gestión de vulnerabilidades. A lo largo del contenido recorrerás desde los conceptos fundamentales —como el rol del proxy, el escaneo activo y pasivo, el fuzzing o el rastreo web— hasta herramientas avanzadas que apoyan el ciclo de vida del software seguro, como Threat Dragon, Dependency-Check, Dependency-Track, Nettacker, AppSensor, DefectDojo. Este capítulo está diseñado para que desarrolles una visión completa de cómo se realizan las pruebas de penetración modernas, cómo se integran en entornos DevSecOps y cómo se aplican buenas prácticas para analizar, explotar y mitigar vulnerabilidades en aplicaciones web reales y simuladas. Al finalizar, tendrás una base sólida para ejecutar pentesting profesional, automatizar escaneos y fortalecer la seguridad en todo el ciclo de vida del desarrollo. laprovittera.com/herramienta…

Most people don’t realize how passively powerful your devices are. Let’s compare 👇 @aydo_ai AYDO makes it easy to stream data from any IoT device to DePIN protocols , Supply Data to AI AYDO enables you to supply data from your IoT devices to AI models. @DIMO_Network appSensor & map data, Drive to earn. @DabbaNetwork Share WiFiDecentralized connectivity and earn from it with the LCO deploying the hotspot for you. Take control of your data and start earning with @AYDO_AI

Defending web portals is crucial in today’s digital landscape. Let’s explore how ModSecurity, honeypots, and AppSensor can enhance your security! Let's explore in details 👇 🛡️ ModSecurity acts as a web application firewall, providing real-time monitoring and protection against threats. It’s a must-have for any secure web portal! 🐝 Honeypots are traps set to attract attackers. They help gather intelligence on threats and improve security measures without risking actual data 📊 AppSensor focuses on detecting and responding to attacks in real-time. By implementing it, you can automate responses and minimize damage during an attack. Combining these tools creates a robust security framework for your web portals. Stay proactive and keep your data safe! What security measures are you using? #cybersecurity

🚨 New Writeup Alert! 🚨 "Defending Web Portals: Harnessing ModSecurity, Honeypots, and AppSensor for Robust Security" by Sandeep Saxena is now live on IW! Check it out here: infosecwriteups.com/38526db8… #cybersecurity #owasp #infosec #honeypot #modsecurity

Top 30 SC projects: 1. OWASP WebGoat 2. OWASP Juice Shop 3. Damn Vulnerable Web Application (DVWA) 4. Metasploitable 5. Security Shepherd 6. DVWA (Damn Vulnerable Web App) 7. OWASP Mutillidae II 8. Hacking-Lab 9. OWASP Security Knowledge Framework 10. PicoCTF 11. Hack The Box (HTB) 12. OWTF (Offensive Web Testing Framework) 13. OWASP Amass 14. OWASP OWTF (Offensive Web Testing Framework) 15. OWASP Defectdojo 16. OWASP Security Shepherd 17. OWASP Defectdojo 18. Grr Rapid Response 19. Zeek (formerly Bro) 20. Cuckoo Sandbox 21. OpenIOC 22. MISP (Malware Information Sharing Platform) 23. OWASP Seraphimdroid 24. OWASP Amass 25. OWASP AppSensor 26. OWASP Defectdojo 27. OSQuery 28. BeEF (Browser Exploitation Framework) 29. OWASP AppSensor 30. MISP (Malware Information Sharing Platform)

here's a list of 50 cybersecurity projects: 1. Snort 2. Wireshark 3. Metasploit 4. OWASP ZAP 5. Nikto 6. OSSEC 7. Nessus 8. ModSecurity 9. Suricata 10. Bro (Zeek) 11. AIDE (Advanced Intrusion Detection Environment) 12. Nmap 13. Wazuh 14. MISP (Malware Information Sharing Platform & Threat Sharing) 15. Glastopf 16. Cuckoo Sandbox 17. Shodan 18. OWASP WebGoat 19. OWASP Mutillidae II 20. OWASP Juice Shop 21. OWASP Defectdojo 22. OWASP Security Knowledge Framework 23. OWASP Amass 24. OWASP OWTF 25. OWASP Dependency-Check 26. OWASP Security Shepherd 27. OWASP AppSensor 28. OWASP AppSensor 29. Zeekurity 30. CspAudit 31. Wfuzz 32. Arachni 33. BeEF (Browser Exploitation Framework) 34. Aircrack-ng 35. OWTF (Offensive Web Testing Framework) 36. OWASP Nettacker 37. OpenVAS 38. WPScan 39. Vega 40. HAVP (HTTP Anti-Virus Proxy) 41. Sn1per 42. X5S (Cross-Site Scripting (XSS) Scanning Tool) 43. Wappalyzer 44. Faraday 45. OWASP WebScarab 46. OWASP Mantra 47. ZAProxy 48. Naxsi 49. Pyrit 50. NIST National Checklist Program

Welcome aboard! I have been doing detection Engineering for the past 20 years defending web apps. Two shameless plugs: OWASP AppSensor and my book:

Honey objects of all sorts are amazing, but may forever be facing an uphill battle. "Industry leaders" like ISC2 have in their training materials that honeypots are expensive to setup and maintain. Thus managers are taught they're such... when they're not. It really sucks.

@owasp projects: @zaproxy @owasp_wstg @owasp_juiceshop @OWASPTop10 @OWASP_SKF @OWASPControls @OwaspSAMM @CoreRuleSet @OWASP_MSTG @OWASP_ASVS @DependencyTrack @OWASP_SCVS @Owasp_DevSlop @defectdojo @SecureCodeDojo @OWASPCornucopia @appsensor @OWASPiGoat #AppSec

OWASP AppSensor owasp.org/www-project-appsen… Has a large number of events, largely focused around detecting anomalies and unusual traffic.

I worked with a group to develop a proof of concept during a hackathon and we were very happy with the results. We realized there was so much more that we could do with the tool than we had anticipated

That's awesome - thanks for the heads up Katy!

While reading NIST's "Security Strategies for Microservices-based Application Systems" noticed how OWASP @appsensor is mentioned for monitoring - nice one @_jtmelton nvlpubs.nist.gov/nistpubs/Sp…

Something I've been working on for a little while now. Huge fan of #attackawareapps & all the exciting #AppSec work that's come before w/ @appsensor etc. But noticed a lot of orgs still not got even app-level detection down - let alone response. Hopefully, a different approach.

We’re back from our summer break & would like to invite you to our #CloudNativeNight on 30.9.: Janosch Maier (@CrashtestSec) organizes a #virtual Hacker Escape Game & Simon Bäumler takes a closer look at the @OWASP AppSensor with you: bit.ly/3jsiqqk. #cloudnativenerd

For an experiment based on AppSensor look at semanticscholar.org/paper/Bl… and you could also as in the #project-appsensor channel on @owasp slack

Hey #askinfosec. What happened to OWASP AppSensor? OWASP page looks absolutely corrupted and the project looks unsupported. Can somebody suggest another tool for logging, monitoring, and responding?

@owasp projects #FF @zaproxy @owasp_wstg @owasp_juiceshop @OWASPTop10 @OWASP_SKF @OWASPControls @OwaspSAMM @CoreRuleSet @OWASP_MSTG @OWASP_ASVS @DependencyTrack @OWASP_SCVS @Owasp_DevSlop @defectdojo @SecureCodeDojo @OWASPCornucopia @appsensor @OWASPiGoat #AppSec

Absolutely. Projects like AppSensor and PHPIDS were ahead of their time.... I mined PHPIDS source for detection rules and there is still tons of great and relevant work there...

🚨 Are you ready for John Melton's session - OWASP Appsensor - Self-Defending Applications Through Real-Time Event Detection & Response 🚨 24 hours. 150 sessions. 5 simultaneous tracks. Live Online. November 6. Register for free here ➡️ bit.ly/33oDAyf #AllDayDevOps