Episode168

From Paul's Security Weekly

SANS Las Vegas from October 26-27th will debut a new course titled "Embedded Device Security Assessments for the Rest of Us" which will teach students how to assess embedded systems of all varieties on pen tests and in your duties as a security professional.


Sponsors

  • Tenable Network Security - This episode is sponsored by Tenable Network Security. Tenable is a developer of enterprise vulnerability, compliance and log management software, but most notably the creators of Nessus, the world's best vulnerability scanner. Tenable Security Center software extends the power of Nessus through reporting, remediation workflow, IDS event correlation and much more. Tenable also offers a Nessus Professional Feed to detect vulnerabilities in your network today! Tenable – Unified Security Monitoring!
  • Core Security - This episode is also sponsored by Core Security Technologies, helping you penetrate your network. Now version 10.0 with WiFi-fu good to go! Rock out with your 'sploit out! Listen to this podcast and qualify to receive a 10% discount on Core Impact, the world's best penetration testing tool.
  • Trustwave Spiderlabs - Trustwave's SpiderLabs - providing advanced information security services to planet Earth. Visit them online at trustwave.com/spiderlabs!

Shameless Plugs & General Announcements

Security Weekly - Episode 168 - For Thursday September 17th, 2009

  • We're looking for two^h^h^h one interns^h - local to the Rhode Island area, listen to the podcast, into Linux, able to lift 30 lbs, and if possible, willing to perform post-production work on the podcast. If that description sounds like you, please send us a note via psw [at] Security Weekly [dot com]
  • The Louisville Metro InfoSec Conference in lucky Louisville offers John Strand as Keynote and serves Security Weekly Asadoorian as Breakout Speaker. If that were not enough, they will also have a Capture The Flag event and Irongeek! All the above for the very low price of $99 on October 8th.
  • Community SANS: Sec 542 Web Application Penetration Testing - SANS is pleased to announce Community SANS Providence, running January 11 - 16. Larry will teach Security 542: Web Application Penetration Testing and Ethical Hacking. The course will be hosted by Brown University. Also coming up, 617 in Calgary sometime in March!
  • Rochester Security Summit - Larry and Ed Skoudis to give Keynotes. What can get better than that? October 28 - 29 in Rochester NY!
  • Hackfest Canada! - Mick will be speaking/ranting from the Great White North! November 7th, you'll want to be there! Quebec, Canada (North America's only walled city!)

Episode Media

mp3

Interview: Ryan Dewhurst is damn proud (of how vulnerable his web apps are)

About

Ryan Dewhurst is a student studying Ethical Hacking for Computer Security at British University. His blog documents his thoughts, findings and experiments related to ethical hacking.

"I have had a passion for technology since I can remember, information security has always interested me since owning my own Pentium II 200Mhz PC that I conned my mother into buying me back when I was a wee lad."

Recently he has started to get involved in Open Source projects including his own, Damn Vulnerable Web App, ScreenStamp!, Nikto and w3af which I plan to dedicate more time to.

Questions

Questions for Ryan:

  • How did you get started in information security?
  • Why did you decide to write DVWA?
  • What are some of the vulnerabilities included in DVWA and how do they work? (CSRF, XSS, RFI, LFI, SQLi, upload, command execution)
  • What are the differences between 1.0.4 and 1.0.5 of DVWA?
  • What sets it apart from similar projects? (Cookie values?)
  • Was there a particular application that inspired DVWA?
  • Why do you think PHP is always so damn insecure and vulnerable?
  • What can we do to write more secure code? Along those lines, was it harder to write insecure code in DVWA or secure code?
  • Did you get taught how to write secure code in school?
  • What other projects are you working on?

Resources

Ryan's website: www.ethicalhack3r.co.uk

Ryan's tools

Ryan on Twitter


Stories For Discussion

  1. Chat-in-the-middle - [Larry] - Wow, don't believe anything you read, and half of what you see. Now, Phishers are spawning up those nice web chat assistance windows to help you give them the keys to your account. Nice.
  2. Do not go to this site - [Larry] - I'm really glad these guys are putting this project together, as there aren't a lot of good resources on teaching/learning social engineering. So far the info and resources are great, and will evolve in time. I wonder if they have plans to include defensive measures…. [Paul] - Gave this a quick look today and looks like it has a good chance of becoming THE social engineering resource on the web. I read the page on pre-texting and was delighted to read accurate descriptions and examples that have occurred in the real world. I also think that while you can have the technical abilities to execute social engineering, it's one of those things that you have to be the kind of person that can execute them successfully, and that's something you can't teach.
  3. Got Bots? - [Larry] - The IETF has released a document entitled "Recommendations for the Remediation of Bots in ISP Networks". Talks about what to do, and how to notify customers and manage. One might even adopt this for internal practices as well….
  4. For the love of all that is holy! - [Larry] - OK, who spent the time finding XSS at this site? I mean, sometimes security is a dirty job, but for fun?
  5. So, are we going to take this SCADA Stuff seriously? - [Larry] - Ok, so China is speculating that taking out a smaller power operation can have larger effects. Sounds like a parallel to attacking computer systems, and not just the power grid.
  6. Albert Gonzalez pleads guilty to New England attacks - [MikeP.] - 130 Million credit cards later, the Feds allegedly have their man.
  7. MS09-048 - [Paul] - A DoS condition, patched in Win 7 and Server 2008, leaves all other OSes vulnerable, NICE! It is a true TCP/IP exhaustion type attack, so seems to me it will remain a DoS.
  8. DoS -> Local and Remote Exploit SMBv2 vuln - [Paul] - Gotta love the 0day love on this one with Immunity releasing to their customers both a local and remote exploit for Vista and server 2008.
  9. Facebook security from the experts! - [Mick] - Tom Eston made this amazing guide. Be sure to check it out and follow the advice! I'm sure you'll be glad you did.
  10. Cybercrime underground economics 101 - [Mick] - Hey! Since it's on CNN, it has to be real! I actually like the fact that this brings some exposure to the non-techs.

Other Stories Of Interest

  1. lockpicking is a sport! - [Mick] - So very cool... for those of you who've not tried it yet, I strongly urge you to give it a go. I find lockpicking to be relaxing and quite fun, perhaps you will too!