Tools
May 20 2010
Secure Development - Web Application Security Talk at RJUG
Last Wednesday, I spoke at the Richmond Java Users' Group (RJUG) about many of the same topics I've been covering in this blog, focusing mainly on the OWASP Top 10 vulnerabilities. I used some of the sandbox tools I introduced in my last post to do short demonstrations throughout the talk. I am attaching my slides to this post, which also include links to the tools I used for the demos (see the second-to-last slide).
Next time, I will continue the Top 10 series by talking about insecure storage issues.
May 05 2010
Secure Development - Web Application Sandbox Tools
It's been a while since I've had the chance to put up a blog entry, mainly due to travel during the last few weeks. This post will take a quick break from the Top 10 series and introduce some useful tools you can use to get hands-on experience with web application vulnerabilities in a sandbox environment.
Traditionally, you would first have to spend a decent amount of time setting up a server, installing and configuring the applications (or worse, writing your own), generating fake data, and generally performing lots of sysadmin work that is really not related to IT security. These tools (along with many others) make this process much easier by providing ready-made environments where you can explore secure coding concepts and "get your hands dirty" on other people's programming mistakes (both intentional and unintentional).