websecurity@lists.webappsec.org

The Web Security Mailing List


OWASP Podcasts 2011

Jim Manico
Sat, Mar 19, 2011 11:39 PM

Hello folks,

I just want to give you a quick update on the OWASP Podcast Series.

We pushed out 3 shows so far this year:

  1. OWASP Podcast 83 from Dave Ferguson talks about how to properly
    implement the "Forgot Password" feature in web apps. I'm a fan of this
    podcast and would like the series to move more and more in this
    "prescriptive" direction. Dave's podcast was also the basis for the
    OWASP Forgot Password cheat-sheet.

http://www.owasp.org/download/jmanico/owasp_podcast_83.mp3
http://www.owasp.org/index.php/Forgot_Password_Cheat_Sheet

  2. OWASP Podcast 82 from Dave Wichers. Dave is one of OWASP's board
    members and donates a pretty insane amount of time assisting the OWASP
    cause in a variety of ways (OWASP CFO, ASVS, Top Ten leader, etc, etc, etc).

http://www.owasp.org/download/jmanico/owasp_podcast_82.mp3
http://www.owasp.org/index.php/User:Wichers

  3. OWASP Podcast 81 is an older show from Brian Chess prior to HP's
    purchase of Fortify. Brian talked about how software security issues are
    no longer just about business risk - it's now life and death.

http://www.owasp.org/download/jmanico/owasp_podcast_81.mp3

I hope you enjoy. Feedback is always appreciated.

Regards,
Jim Manico
jim@owasp.org

albino
Mon, Apr 4, 2011 7:45 PM

Hey all

I'd like to introduce hackxor, a webgoat-like hacking game with a plot
and an emphasis on realism, difficulty and actually exploiting
vulnerabilities. It uses the amazingly nifty HtmlUnit to simulate other
users, so you can write your own XSS/CSRF payloads. While the complete
version is a VM image that has to be downloaded & installed aka DVWA, the
first two levels can be played online, as SourceForge is bravely hosting
them at http://hackxor.sourceforge.net/

It contains XSS, CSRF, SQLi, ReDoS, DOR, command injection and plenty of
other vulnerabilities that don't have succinct acronyms. Sadly, due to
time constraints there aren't any timing or entropy attacks (although
you'll have a self-inflicted time-limit if you mess up the ReDoS).
Still, I think the later levels will be difficult enough for nearly
everyone to have a challenge.

Sorry that this is pretty much my first post; I only found the list a
few months ago. At least I didn't put ads on the site :)

Anyways, enjoy! Feedback and mild abuse are welcome as ever.

albino
