Hello folks,
I just want to give you a quick update on the OWASP Podcast Series.
We pushed out 3 shows so far this year:
http://www.owasp.org/download/jmanico/owasp_podcast_83.mp3
http://www.owasp.org/index.php/Forgot_Password_Cheat_Sheet
http://www.owasp.org/download/jmanico/owasp_podcast_82.mp3
http://www.owasp.org/index.php/User:Wichers
http://www.owasp.org/download/jmanico/owasp_podcast_81.mp3
I hope you enjoy. Feedback is always appreciated.
Regards,
Jim Manico
jim@owasp.org
Hey all
I'd like to introduce hackxor, a webgoat-like hacking game with a plot
and an emphasis on realism, difficulty and actually exploiting
vulnerabilities. It uses the amazingly nifty HtmlUnit to simulate other
users, so you can write your own XSS/CSRF payloads. While the complete
version is a VM image that has to be downloaded & installed aka DVWA, the
first two levels can be played online, as SourceForge is bravely hosting
them at http://hackxor.sourceforge.net/
It contains XSS, CSRF, SQLi, ReDoS, DOR, command injection and plenty of
other vulnerabilities that don't have succinct acronyms. Sadly, due to
time constraints there aren't any timing or entropy attacks (although
you'll have a self-inflicted time-limit if you mess up the ReDoS).
Still, I think the later levels will be difficult enough for nearly
everyone to have a challenge.
Sorry that this is pretty much my first post; I only found the list a
few months ago. At least I didn't put ads on the site :)
Anyways, enjoy! Feedback and mild abuse are welcome as ever.
albino