websecurity@lists.webappsec.org

The Web Security Mailing List


PROJECT - competition landscape for APPSEC

daryl d
Mon, Apr 29, 2013 8:00 PM

Hi All,

I need detailed information of current application security competition
landscape for one of my university projects. Any pointers to same shall be
helpful. Thanks in advance.

Thanks,
Daryl

Ahmed Masud
Tue, Apr 30, 2013 6:15 PM

My sincerest apologies for pushing this out on webappsec.org and
securityfocus.com but I thought it would serve as a general guideline
as to what I do and do not expect to receive from a mailing list.  I
don't expect emails like the one sent out by Daryl.

Daryl:

A couple of points on etiquette: Your requirement is rather vague and
sounds very much like homework that you don't wish to do yourself. If
that's not the case you should explain what your project is, so that
someone who may be kind enough to help you can actually understand the
context and give you something useful rather than expecting a
data-dump.  My suggestion would be to set up a simple to answer
questionnaire around your inquiry so someone can answer it easily and
then you can ask more detailed questions around that in follow-ups.
It's a lot better than just saying "what's the current application
security competition landscape" ...A vague question like that would
result in a curt answer like go pay money to www.gartner.com;

A better forum for this would be one of the stackexchange.com venues.
If you formulate your question in a more appropriate way directly to
me, I will be happy to answer it.

Sincerely,

Ahmed Masud ahmed.masud@trustifier.com

Trustifier Inc.
CEO
C: 613-875-0971

On Mon, Apr 29, 2013 at 4:00 PM, daryl d darylcoz@gmail.com wrote:

Hi All,

I need detailed information of current application security competition
landscape for one of my university projects. Any pointers to same shall be
helpful. Thanks in advance.

Thanks,
Daryl


The Web Security Mailing List

WebSecurity RSS Feed
http://www.webappsec.org/rss/websecurity.rss

Join WASC on LinkedIn http://www.linkedin.com/e/gis/83336/4B20E4374DBA

WASC on Twitter
http://twitter.com/wascupdates

websecurity@lists.webappsec.org
http://lists.webappsec.org/mailman/listinfo/websecurity_lists.webappsec.org

Daniel Herrera
Wed, May 1, 2013 10:00 PM

Really? You have CEO in your title and you have enough time to chastise a college student on his etiquette on a mailing list? Ridiculous. On the whole his question was written in nearly complete English which passes my bar for acceptable submission to this list.

Daryl,

Are you referring more towards CTFs or CCDC competitions?

Thanks,

D

--- On Tue, 4/30/13, Ahmed Masud ahmed.masud@trustifier.com wrote:

From: Ahmed Masud ahmed.masud@trustifier.com
Subject: Re: [WEB SECURITY] PROJECT - competition landscape for APPSEC
To: "daryl d" darylcoz@gmail.com
Cc: webappsec@securityfocus.com, pen-test@securityfocus.com, "web security" websecurity@webappsec.org
Date: Tuesday, April 30, 2013, 11:15 AM

My sincerest apologies for pushing this out on webappsec.org and
securityfocus.com but I thought it would serve as a general guideline
as to what I do and do not expect to receive from a mailing list.  I
don't expect emails like the one sent out by Daryl.

Daryl:

A couple of points on etiquette: Your requirement is rather vague and
sounds very much like homework that you don't wish to do yourself. If
that's not the case you should explain what your project is, so that
someone who may be kind enough to help you can actually understand the
context and give you something useful rather than expecting a
data-dump.  My suggestion would be to set up a simple to answer
questionnaire around your inquiry so someone can answer it easily and
then you can ask more detailed questions around that in follow-ups.
It's a lot better than just saying "what's the current application
security competition landscape" ...A vague question like that would
result in a curt answer like go pay money to www.gartner.com;

A better forum for this would be one of the stackexchange.com venues.
If you formulate your question in a more appropriate way directly to
me, I will be happy to answer it.

Sincerely,

Ahmed Masud ahmed.masud@trustifier.com

Trustifier Inc.
CEO
C: 613-875-0971

On Mon, Apr 29, 2013 at 4:00 PM, daryl d darylcoz@gmail.com wrote:

Hi All,

I need detailed information of current application security competition
landscape for one of my university projects. Any pointers to same shall be
helpful. Thanks in advance.

Thanks,
Daryl


Muruganandam C
Thu, May 23, 2013 6:35 AM

Hi All,

Could you please let me know about an application vulnerability scanning tool?

Thanks
Muruganandam

Seba
Thu, May 23, 2013 6:48 AM

Hi Muruganandam,

OWASP Zed Attack Proxy Project is the perfect tool for you.
It has automated scanners as well as a set of tools that allow you to find
security vulnerabilities manually.

more info & download on
https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project

regards

Seba

On Thu, May 23, 2013 at 8:35 AM, Muruganandam C muruganandam.c@gmail.com wrote:

Hi All,

Could you please let me know about an application vulnerability scanning tool?

Thanks
Muruganandam

The Dead
Thu, May 23, 2013 7:18 PM

Here you can find a benchmark of vulnerability scanners, including
commercial and free:

http://sectooladdict.blogspot.com.br/2012/07/2012-web-application-scanner-benchmark.html

TH3D34D

On Thu, May 23, 2013 at 3:48 AM, Seba seba@owasp.org wrote:

Hi Muruganandam,

OWASP Zed Attack Proxy Project is the perfect tool for you.
It has automated scanners as well as a set of tools that allow you to find
security vulnerabilities manually.

more info & download on
https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project

regards

Seba

On Thu, May 23, 2013 at 8:35 AM, Muruganandam C muruganandam.c@gmail.com wrote:

Hi All,

Could you please let me know about an application vulnerability scanning
tool?

Thanks
Muruganandam

The Dead
Thu, May 23, 2013 7:51 PM

Here you can find a benchmark of vulnerability scanners, including
commercial and free:

http://sectooladdict.blogspot.com.br/2012/07/2012-web-application-scanner-benchmark.html

TH3D34D

On Thu, May 23, 2013 at 3:48 AM, Seba seba@owasp.org wrote:

Hi Muruganandam,

OWASP Zed Attack Proxy Project is the perfect tool for you.
It has automated scanners as well as a set of tools that allow you to find security vulnerabilities manually.

more info & download on https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project

regards

Seba

On Thu, May 23, 2013 at 8:35 AM, Muruganandam C muruganandam.c@gmail.com wrote:

Hi All,

Could you please let me know about an application vulnerability scanning tool?

Thanks
Muruganandam


Muruganandam C
Fri, May 24, 2013 8:34 AM

Hi,

I would like to know about the certification Security+. Has anyone
completed it recently? How was the exam and the time required for preparation?

Thanks
Muruganandam

Rohit Pitke
Fri, May 24, 2013 10:13 PM

Additionally, you can use Ratproxy and skipfish.
If you are concerned about individual vulnerabilities, I would suggest sqlmap (for SQL injection), XSSRay (for XSS), Nikto (Directory Access) 


From: Seba seba@owasp.org
To: Muruganandam C muruganandam.c@gmail.com
Cc: webappsec@securityfocus.com; pen-test@securityfocus.com; web security websecurity@webappsec.org
Sent: Wednesday, May 22, 2013 11:48 PM
Subject: Re: [WEB SECURITY] Need a Opensource tool for application scanning

Hi Muruganandam,
OWASP Zed Attack Proxy Project is the perfect tool for you.
It has automated scanners as well as a set of tools that allow you to find security vulnerabilities manually. 

more info & download on https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project

regards

Seba

On Thu, May 23, 2013 at 8:35 AM, Muruganandam C muruganandam.c@gmail.com wrote:

Hi All,

Could you please let me know about an application vulnerability scanning tool?

Thanks
Muruganandam


Skip Carter
Sat, May 25, 2013 6:11 PM

On Fri, 2013-05-24 at 14:04 +0530, Muruganandam C wrote:

Hi,

I would like to know about the certification Security+. Has anyone
completed it recently? How was the exam and the time required for preparation?

It's a pretty basic network security cert.  It should not be hard for
anybody with a couple of years of experience in the field.  There are
classes you can take, but the practice exams are more efficient
preparation. How long that takes depends upon your prior experience. The
only thing tricky in the exam itself are stupid questions like "which
two things that are not different between java and javascript?"

It's a good minimum standard for your security people in the sense that
if they do not have the ability to pass it, they should not be doing
network security.

--
Dr Everett (Skip) Carter                        skip@taygeta.net
Taygeta Network Security Services    (v) 831-641-0645
1340 Munras Ave, Suite 314                (f) 831-641-0647
Monterey, CA. 93955
