
{"id":81,"date":"2007-02-25T22:29:38","date_gmt":"2007-02-26T01:29:38","guid":{"rendered":"http:\/\/talsoft.com.ar\/weblog\/?p=81"},"modified":"2007-02-25T22:29:38","modified_gmt":"2007-02-26T01:29:38","slug":"auditoria-de-aplicaciones-web-y-nueva-version-de-la-guia-de-testing-owasp","status":"publish","type":"post","link":"https:\/\/www.talsoft-security.com\/site\/auditoria-de-aplicaciones-web-y-nueva-version-de-la-guia-de-testing-owasp\/",
"title":{"rendered":"Web application auditing and a new version of the OWASP testing guide"},
"content":{"rendered":"<p>We have two major pieces of news today on Web application security and auditing.<\/p>\n<p>On the one hand, <a href=\"http:\/\/blogs.securiteam.com\/index.php\/archives\/832\">the people at SecuriTeam<\/a>, authors of <a href=\"http:\/\/www.beyondsecurity.com\/whitepapers\/GadiEvron_VBFeb07.pdf\">a great earlier <em>paper<\/em><\/a>, report that Honeynet has released a new document, very much in its usual style, titled <a href=\"http:\/\/honeynet.org\/papers\/webapp\/\">Know your Enemy: Web Application Threats<\/a>, covering topics as interesting as code injection, SQL injection, remote code inclusion, Cross-Site Scripting, discovery techniques \u2026 a real gem. The paper makes intensive use of a very effective tool for this kind of analysis, the <a href=\"http:\/\/ghh.sourceforge.net\/\">Google Hack Honeypot<\/a>, which <a href=\"http:\/\/www.sahw.com\/wp\/archivos\/2006\/03\/08\/google-hacking-ejemplos-y-medidas-para-evitar-sus-efectos\/\">we already discussed on this blog<\/a> on a previous occasion.<\/p>\n<p>Honeynet is one of those research groups that never disappoints: it produces free, first-hand information that is technically very complete and comes from genuine field researchers. Essential in the library of any user interested in security. What more could one ask for?<\/p>\n<p>Well, yes, one could ask for more. And that something more is for the people leading research in this area to publish a method for analysing Web applications. So let's celebrate that <a href=\"http:\/\/www.owasp.org\/index.php\/OWASP_Testing_Guide_v2_Table_of_Contents\">version 2.0 of the OWASP <em>Testing Guide<\/em><\/a> is officially available. <em>Open Web Application Security Project<\/em> (OWASP) is a guide and set of tools for carrying out audits and technical reviews of Web applications.<\/p>\n<p><a href=\"http:\/\/www.owasp.org\/index.php\/OWASP_WebScarab_Project\">With Webscarab<\/a> as its flagship as far as tools are concerned, this extraordinary methodology, tool set and <em>testing<\/em> guide provides, step by step, all the elements that must be carried out in a Web analysis, with the added attraction that <a href=\"http:\/\/www.owasp.org\/index.php\/About_The_Open_Web_Application_Security_Project\">everything that is part of OWASP<\/a> is free material.<\/p>\n<p>With guides and tools of this quality, any user could perform a Web analysis. It is a matter of patience, of trying things out and gaining practice with the method since, in essence, it is always the same. Experience always counts, but it is never too late to start accumulating it.<\/p>\n<p>Source: <a href=\"http:\/\/www.sahw.com\/wp\/\">http:\/\/www.sahw.com\/wp\/<\/a><\/p>\n","protected":false},
"excerpt":{"rendered":"<p>We have two major pieces of news today on Web application security and auditing. On the one hand, the people at SecuriTeam, authors of a great earlier paper, report that Honeynet has released a new document, very much in its usual style, titled Know your Enemy: Web Application Threats, covering topics as interesting as code injection, [&hellip;]<\/p>\n","protected":false},
"author":3,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_et_pb_use_builder":"","_et_pb_old_content":"","_et_gb_content_width":"","footnotes":""},"categories":[4,1],"tags":[],"class_list":["post-81","post","type-post","status-publish","format-standard","hentry","category-noticias","category-profesional"],
"yoast_head_json":{"title":"TalSoft - Enterprise Information Security - Web application auditing and a new version of the OWASP testing guide","description":"Talsoft transforms companies' vision so that they can protect their critical and confidential information against computer attacks. Consult us free of charge.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.talsoft-security.com\/site\/auditoria-de-aplicaciones-web-y-nueva-version-de-la-guia-de-testing-owasp\/","twitter_misc":{"Written by":"Leandro Ferrari","Estimated reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.talsoft-security.com\/site\/auditoria-de-aplicaciones-web-y-nueva-version-de-la-guia-de-testing-owasp\/#article","isPartOf":{"@id":"https:\/\/www.talsoft-security.com\/site\/auditoria-de-aplicaciones-web-y-nueva-version-de-la-guia-de-testing-owasp\/"},"author":{"name":"Leandro Ferrari","@id":"https:\/\/www.talsoft-security.com\/site\/#\/schema\/person\/83d2ebde035a5a030c14e522351953c8"},"headline":"Web application auditing and a new version of the OWASP testing guide","datePublished":"2007-02-26T01:29:38+00:00","mainEntityOfPage":{"@id":"https:\/\/www.talsoft-security.com\/site\/auditoria-de-aplicaciones-web-y-nueva-version-de-la-guia-de-testing-owasp\/"},"wordCount":374,"commentCount":0,"publisher":{"@id":"https:\/\/www.talsoft-security.com\/site\/#organization"},"articleSection":["Noticias","Profesional"],"inLanguage":"en-GB","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.talsoft-security.com\/site\/auditoria-de-aplicaciones-web-y-nueva-version-de-la-guia-de-testing-owasp\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.talsoft-security.com\/site\/auditoria-de-aplicaciones-web-y-nueva-version-de-la-guia-de-testing-owasp\/","url":"https:\/\/www.talsoft-security.com\/site\/auditoria-de-aplicaciones-web-y-nueva-version-de-la-guia-de-testing-owasp\/","name":"TalSoft - Enterprise Information Security - Web application auditing and a new version of the OWASP testing guide","isPartOf":{"@id":"https:\/\/www.talsoft-security.com\/site\/#website"},"datePublished":"2007-02-26T01:29:38+00:00","description":"Talsoft transforms companies' vision so that they can protect their critical and confidential information against computer attacks. Consult us free of charge.","inLanguage":"en-GB","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.talsoft-security.com\/site\/auditoria-de-aplicaciones-web-y-nueva-version-de-la-guia-de-testing-owasp\/"]}]},{"@type":"WebSite","@id":"https:\/\/www.talsoft-security.com\/site\/#website","url":"https:\/\/www.talsoft-security.com\/site\/","name":"TalSoft TS - Services IT Security","description":"Talsoft is transforming awareness, control and decision-making power so that companies can protect their critical and confidential information from computer attacks.","publisher":{"@id":"https:\/\/www.talsoft-security.com\/site\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.talsoft-security.com\/site\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-GB"},{"@type":"Organization","@id":"https:\/\/www.talsoft-security.com\/site\/#organization","name":"Talsoft TS","url":"https:\/\/www.talsoft-security.com\/site\/","logo":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/www.talsoft-security.com\/site\/#\/schema\/logo\/image\/","url":"https:\/\/www.talsoft-security.com\/site\/wp-content\/uploads\/2014\/02\/talsoft_logo_270x125.png","contentUrl":"https:\/\/www.talsoft-security.com\/site\/wp-content\/uploads\/2014\/02\/talsoft_logo_270x125.png","width":270,"height":125,"caption":"Talsoft TS"},"image":{"@id":"https:\/\/www.talsoft-security.com\/site\/#\/schema\/logo\/image\/"},"sameAs":["http:\/\/www.facebook.com\/talsoftsrl","https:\/\/x.com\/talsoft"]},{"@type":"Person","@id":"https:\/\/www.talsoft-security.com\/site\/#\/schema\/person\/83d2ebde035a5a030c14e522351953c8","name":"Leandro Ferrari","image":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/www.talsoft-security.com\/site\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/cd259c10675b9fd302b2e6264231febeeeb3de578400cf8c91c6577e50a0d34a?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/cd259c10675b9fd302b2e6264231febeeeb3de578400cf8c91c6577e50a0d34a?s=96&d=mm&r=g","caption":"Leandro Ferrari"},"sameAs":["http:\/\/www.talsoft.com.ar","https:\/\/www.facebook.com\/talsoftsrl\/","https:\/\/x.com\/avatar_leandro"],"url":"https:\/\/www.talsoft-security.com\/site\/author\/leandro\/"}]}},
"_links":{"self":[{"href":"https:\/\/www.talsoft-security.com\/site\/wp-json\/wp\/v2\/posts\/81","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.talsoft-security.com\/site\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.talsoft-security.com\/site\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.talsoft-security.com\/site\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.talsoft-security.com\/site\/wp-json\/wp\/v2\/comments?post=81"}],"version-history":[{"count":0,"href":"https:\/\/www.talsoft-security.com\/site\/wp-json\/wp\/v2\/posts\/81\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.talsoft-security.com\/site\/wp-json\/wp\/v2\/media?parent=81"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.talsoft-security.com\/site\/wp-json\/wp\/v2\/categories?post=81"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.talsoft-security.com\/site\/wp-json\/wp\/v2\/tags?post=81"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}