[Committees-chairs] FW: Attention to supporters of student projects on your website.

Mark Bristow mark.bristow at owasp.org
Wed Sep 28 10:17:42 EDT 2011 

 Broken web apps project?

Mark Bristow
Global Conferences Committee, Chair
mark.bristow at owasp.org
(703) 596-5175

Sent concisely from my wireless device

----- Reply message -----
From: "Kate Hartmann" <kate.hartmann at owasp.org>
To: "committees-chairs at lists.owasp.org" <committees-chairs at lists.owasp.org>
Subject: [Committees-chairs] FW: Attention to supporters of student projects
on your website.
Date: Wed, Sep 28, 2011 10:10 am



Chairs, any suggestions on where to forward this request?



Kate Hartmann

Operations Director

301-275-9403

www.owasp.org

Skype:  Kate.hartmann1



*From:* George Snead [mailto:gsnead1 at students.towson.edu]
*Sent:* Tuesday, September 27, 2011 6:36 PM
*To:* owasp at owasp.org
*Subject:* Attention to supporters of student projects on your website.



Hello

First of all, thank you for organizing the topic list on application
security and the articles and videos to explain the concepts, attacks and
vulnerabilities.

I'm not as fluent as I would like to be in creating clients and servers, but
I am an old-line programmer who can work out the programming part of a
project.

I'm writing for your advice on creating a test configuration to exploit a
vulnerability with a particular attack (we have not yet decided on a
particular attack).  I would like to carry out our study in a 'sandbox' test
configuration consisting of a network, white hat victim client, a black hat
aggressor, a server which offers a very simple service (kind of a 'hello
world' service).  We need access to the source code for client and server in
order to create the vulnerability and attack.  We need enough functionality
to discover the attack through logs (alternatively, our distressed white hat
client reports a 'rip-off' and the server realizes he needs to report
sufficient information about the transaction flow in the log to discover the
attack.)

We could create all this from scratch.  But, if there is a exploritory
framework existing of client and server that we can modify with the
specifics of our projects, I would appreciate knowing about it

I have a little bit of experience with ruby on rails, so perhaps we can
start with it.  But we could proceed with any framework and language.

Regards,

George Snead
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/committees-chairs/attachments/20110928/8ea1fd1d/attachment.html

More information about the Committees-chairs mailing list