Hello,
I'll give a training to students on web application hacking techniques and
web security development. I want to give them sample projects for
practicing. I would appreciate your help with some ideas.
Some ideas I thought about:
- Playing around with WebGoat & Hackmebank (Hacking)
- How to protect your files -zip downloads- from direct downloads
  (Development)
- Write a script for brute-forcing authentication on a sample site using
  common usernames and passwords -Hacking-
I hope you can help me with more ideas for hacking and secure development.
Thanks in advance
--
Best Regards,
Mostafa Siraj http://twitter.com/mostafasiraj
"Our deepest fear is not that we are inadequate. Our deepest fear is that we
are powerful beyond measure. It is our light, not our darkness, that most
frightens us. We ask ourselves, who am I to be brilliant, gorgeous,
talented, and fabulous? Actually, who are you not to be? You are a child of
God. Your playing small doesn't serve the world. There's nothing enlightened
about shrinking so that other people won't feel insecure around you. We are
all meant to shine, as children do. We are born to make manifest the glory
of God that is within us. It's not just in some of us, it's in everyone. And
as we let our own light shine, we unconsciously give other people permission
to do the same. As we are liberated from our own fear, our presence
automatically liberates others." --Nelson Mandela--
Why not have them scan actual open source web application software projects
to look for SQLi, XSS, CSRF and other web application security flaws and
report them?
If they then reported the actual bugs found, this would then contribute back
to the open source community.
From: websecurity-bounces@lists.webappsec.org
[mailto:websecurity-bounces@lists.webappsec.org] On Behalf Of Mostafa Siraj
Sent: Tuesday, April 26, 2011 5:16 AM
To: Wasc
Subject: [WEB SECURITY] Sample Hacking projects for students
Hello Mostafa Siraj,
You could also create your own legal online targets with VPSs, or perhaps VMware images for students to play with, etc.
I've made 4 of these called the HaXx.Me challenges, which are planned and scheduled via the InterN0T forums (forum.intern0t.net), and even though the VPS images are not available, the solution videos are: http://intern0t.blip.tv
Of course, with these custom challenges you should not focus on all attack vectors, but focus on what students may encounter in real life. With or without hints to guide them through the challenge is up to you, though.
Founder of InterN0T
Blogger at Exploit-DB
Offensive Security Certified Expert
You should also look at the "Web Security Dojo" virtual machine project -
which includes many web application security "hands on" tutorials in a great
environment:
http://sourceforge.net/projects/websecuritydojo/
http://www.mavensecurity.com/web_security_dojo/
I recently came across this site that contains almost every single
vulnerable web app for learning:
http://securitythoughts.wordpress.com/2010/03/22/vulnerable-web-applications-for-learning/
Fabio
"H Morrow Long" morrow.long@yale.edu
Sent by: websecurity-bounces@lists.webappsec.org
26/04/2011 23:15
Please respond to morrow.long
To: "'Mostafa Siraj'" <mostafa.siraj@gmail.com>, "'Wasc'"
websecurity@webappsec.org
cc:
Subject: Re: [WEB SECURITY] Sample Hacking projects for
students