API-Security icon indicating copy to clipboard operation
API-Security copied to clipboard

Published 20 hours ago verified publisher icon OWASP

Information about tools and payloads

Open IgorSasovets opened this issue 5 years ago • 2 comments

Hi, team! Thanks for the great project. I think it would be useful to add more information about different tools that can be used to test an application and detect security issues. For example, Arachni, ZAP, Burp Suite, .etc. One more thing that would be useful for application developers, QA engineers, security experts - links or examples of possible payloads that can be used to test an application API. There is a cool repository, called PayloadAllTheThings that contains a lot of payload examples to use during a security testing process. I can provide more information about tools and useful sources if it needed.

Best regards, Ihor

IgorSasovets avatar Jul 05 '19 18:07 IgorSasovets

Hi @IgorSasovets, We plan to add a "How to Detect" sub-section for each Top 10 entry. In this new sub-section, we will add recommendations about product categories like SAST, DAST, and Code Review. Since we should keep the document vendor agnostic, there's no space for such (nice) things like Burp Suite.

I think most of your suggestions are best suited to a Cheat Sheet: please check the roadmap.

Cheers, Paulo A. Silva

PauloASilva avatar Jul 09 '19 15:07 PauloASilva

Hi, @PauloASilva !

Thanks for the answer. Then, I think, I will wait for a Cheat Sheet release and open a PR for it.

Best regards, Ihor

IgorSasovets avatar Jul 14 '19 17:07 IgorSasovets