Changes

From Security Weekly Wiki
539 bytes added ,  15:05, 19 October 2009
Undo revision 5581 by Mikep (Talk)
* [http://www.hackfest.ca/?lg=en Hackfest Canada!] - Mick will be speaking/ranting from the Great White North! November 7th, you'll want to be there! Quebec, Canada (North America's only walled city!)
= Interview: Prajakta Jagdale =
= Interview: Ryan Dewhurst is damn proud (of how vulnerable [http://www.ethicalhack3r.co.uk/damn-vulnerable-web-app/ his web apps are)] =
== About ==
==== Prajakta Jagdale ====
Ryan Dewhurst is a student studying Ethical Hacking for Computer Security at British University. His blog documents his thoughts, findings and experiments related to ethical hacking.
"I have had a passion for technology since I can remember, information security has always interested me since owning my own Pentium II 200Mhz PC that I conned my mother into buying me back when I was a wee lad."
==== HP SWFScan tool ====
FLASH SECURITY SCANNING TOOL (Designed by HP Web Security Research Group)
* Analyzes Flash applications and reports security vulnerabilities detected
* Flash Developer Community Education – Make developers aware of their coding pitfalls
* Supports ALL versions of Flash Features
* Decompiles SWF byte code and generates ActionScript source code
* Performs Source-Sink analysis to understand the data flow
* Checks for known security issues
** Information disclosure
** Cross-Site Scripting
** Cross-Domain Privilege Escalation
* Reports vulnerabilities found and highlights the source code block causing the vulnerability
Recently he has started to get involved in Open Source projects including his own, Damn Vulnerable Web App, ScreenStamp!, Nikto and w3af which I plan to dedicate more time to.
== Questions ==
Questions for Prajakta:
Questions for Ryan:
* How did you get started in information security?
* Why did you decide to write DVWA?
* What are some of the vulnerabilities included in DVWA and how do they work? (CSRF, XSS, RFI, LFI, SQLi, upload, command execution?)
* What are the differences between 1.0.4 and 1.0.5 of DVWA?
* What separates it apart from similar projects? (Cookie values?)
* Was there a particular application that inspired DVWA?
* Why do you think PHP is always so damn insecure and vulnerable?
* What can we do to write more secure code? Along those lines, was it harder to write insecure code in DVWA or secure code?
* Did you get taught how to write secure code in school?
* What other projects are you working on?
== Resources ==
Tool's community webpage: [http://www.communities.hp.com/securitysoftware/blogs/spilabs/archive/2009/03/20/exposing-flash-application-vulnerabilities-with-swfscan.aspx]
Ryan's website: [http://www.ethicalhack3r.co.uk www.ethicalhack3r.co.uk]
Ryan's [http://www.ethicalhack3r.co.uk/category/toolz/ tools]
Ryan on [http://twitter.com/ethicalhack3r twitter]
 
 
= Stories For Discussion =