Changes

From Security Weekly Wiki
Jump to navigationJump to search
539 bytes removed ,  15:03, 19 October 2009
* [http://www.hackfest.ca/?lg=en Hackfest Canada!] - Mick will be speaking/ranting from the Great White North! November 7th, you'll want to be there! Quebec, Canada (North America's only walled city!)
= Interview: Ryan Dewhurst is damn proud (of how vulnerable [http://www.ethicalhack3r.co.uk/damn-vulnerable-web-app/ his web apps are)] Prajakta Jagdale =
== About ==
Ryan Dewhurt is a student stufying Ethical Hacking for Computer Security at British University. His blog documents his thoughts, findings and experiments related to ethical hacking==== Prajakta Jagdale ====
"I have had a passion for technology since I can remember, information security has always interested me since owning my own Pentium II 200Mhz PC that I conned my mother into buying me back when I was a wee lad."
Recently he has started to get involved in Open Source projects including his own, Damn Vulnerable ==== HP SWFScan tool ====FLASH SECURITY SCANNING TOOL(Designed by HP Web App, ScreenStamp!, Nikto Security Research Group)* Analyzes Flash applications and report security vulnerabilities detected.* Flash Developer Community Education – Make developers aware of their coding pitfalls* Supports ALL versions of Flash Features* Decompiles SWF byte code and w3af which I plan generates ActionScript source code* Performs Source-Sink analysis to dedicate more time to. understand the data flow* Checks for known security issues** Information disclosure** Cross-Site Scripting** Cross-Domain Privilege Escalation* Reports vulnerabilities found and highlights the source code block causing the vulnerability
== Questions ==
Questions for RyanPrajakta :
* How did you get started in information security?
* Why did you decide to write DVWA?
* What are some of the vulnerabilities included in DVWA and how do they work? (CSRF, XSS, RFI, LFI, SQLi, upload, command execution?
* What are the differences between 1.0.4 and 1.0.5 of DVWA?
* What separates is apart from similar projects? (Cookie values?)
* Was there a particular application that inspired DVWA?
* Why do you think PHP is always so damn insecure and vulnerable?
* What can we do to write more secure code? Along those lines, was is harder to write insecure code in DVWA or secure code?
* Did you get taught how to write secure code in school?
* What other projects are you working on?
== Resources ==
RyanTool's websitecommunity webpage: [http://www.ethicalhack3rcommunities.cohp.uk www.ethicalhack3r.cocom/securitysoftware/blogs/spilabs/archive/2009/03/20/exposing-flash-application-vulnerabilities-with-swfscan.ukaspx ]
Ryan's [http://www.ethicalhack3r.co.uk/category/toolz/ tools]
Ryan on [http://twitter.com/ethicalhack3r twitter]
 
 
= Stories For Discussion =
1,872

edits

Navigation menu