Software Development Methods and Tools—CSCI-3308

Security

Download the slides.

We demonstrated security vulnerabilities live in lecture using the Burp Suite proxy to trap and modify outgoing HTTP requests to a vulnerable RailsGoat web application.

We covered two of the OWASP Top 10 vulnerabilities, which are common to most web applications.

A rare benchmark where slower is better. The bcrypt hash algorithm is intentionally slow to prevent offline dictionary attacks.
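The "slower is better" trade-off can be measured directly. This is an added example, not code from the lecture or slides. It assumes PBKDF2-HMAC-SHA256 from Python's standard library as a stand-in for bcrypt so that it runs without third-party packages, and the sample password, dictionary size and iteration counts are constructed values.

```python
import hashlib
import hmac
import os
import time

# Assumption: PBKDF2-HMAC-SHA256 (standard library) stands in for bcrypt.
# Its iteration count plays the role of bcrypt's cost factor.

def fast_hash(password: bytes, salt: bytes) -> bytes:
    """Single salted SHA-256: cheap for the server, equally cheap per guess."""
    return hashlib.sha256(salt + password).digest()

def slow_hash(password: bytes, salt: bytes, iterations: int) -> bytes:
    """Deliberately expensive hash; cost grows linearly with iterations."""
    return hashlib.pbkdf2_hmac("sha256", password, salt, iterations)

def verify(password: bytes, salt: bytes, iterations: int, stored: bytes) -> bool:
    """Login check: recompute the hash and compare in constant time."""
    return hmac.compare_digest(slow_hash(password, salt, iterations), stored)

def seconds_per_hash(fn, rounds: int) -> float:
    """Average wall-clock seconds for one call to fn."""
    start = time.perf_counter()
    for _ in range(rounds):
        fn()
    return (time.perf_counter() - start) / rounds

def benchmark(dictionary_size=10_000_000, costs=(1_000, 10_000, 100_000)):
    """Rows of (label, seconds per hash, hours to hash the whole dictionary
    against ONE salted hash on this machine, single-threaded)."""
    salt = os.urandom(16)
    password = b"constructed-sample-password"
    per = seconds_per_hash(lambda: fast_hash(password, salt), 2000)
    rows = [("sha256 x1", per, per * dictionary_size / 3600)]
    for cost in costs:
        per = seconds_per_hash(lambda: slow_hash(password, salt, cost), 3)
        rows.append((f"pbkdf2 x{cost}", per, per * dictionary_size / 3600))
    return rows

if __name__ == "__main__":
    for label, per, hours in benchmark():
        print(f"{label:>16}  {per * 1000:10.4f} ms/hash  {hours:12.2f} h/dictionary")
```

A legitimate login pays the per-hash cost once, while an offline dictionary run pays it once per candidate for every salted hash, which is why the work factor is tuned as high as login latency allows.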