[Committees-chairs] FW: Attention to supporters of student projects on your website.

Martin Knobloch martin.knobloch at owasp.org
Wed Sep 28 10:22:14 EDT 2011


Kate, et all,

Parts of this will be included in the academy-portal project, once it is up
and running.
For the time being, you can forward them to the "broken web application"
project:
https://www.owasp.org/index.php/OWASP_Broken_Web_Applications_Project

That is an alpha status project, but I am pretty sure any help would be
welcome.
The university could contribute to the project, I would suggest!

Cheers,
-Martin

On Wed, Sep 28, 2011 at 4:10 PM, Kate Hartmann <kate.hartmann at owasp.org>wrote:

> Chairs, any suggestions on where to forward this request?****
>
> ** **
>
> Kate Hartmann****
>
> Operations Director****
>
> 301-275-9403****
>
> www.owasp.org ****
>
> Skype:  Kate.hartmann1****
>
> ** **
>
> *From:* George Snead [mailto:gsnead1 at students.towson.edu]
> *Sent:* Tuesday, September 27, 2011 6:36 PM
>
> *To:* owasp at owasp.org
> *Subject:* Attention to supporters of student projects on your website.***
> *
>
> ** **
>
> Hello
>
> First of all, thank you for organizing the topic list on application
> security and the articles and videos to explain the concepts, attacks and
> vulnerabilities.
>
> I'm not as fluent as I would like to be in creating clients and servers,
> but I am an old-line programmer who can work out the programming part of a
> project.
>
> I'm writing for your advice on creating a test configuration to exploit a
> vulnerability with a particular attack (we have not yet decided on a
> particular attack).  I would like to carry out our study in a 'sandbox' test
> configuration consisting of a network, white hat victim client, a black hat
> aggressor, a server which offers a very simple service (kind of a 'hello
> world' service).  We need access to the source code for client and server in
> order to create the vulnerability and attack.  We need enough functionality
> to discover the attack through logs (alternatively, our distressed white hat
> client reports a 'rip-off' and the server realizes he needs to report
> sufficient information about the transaction flow in the log to discover the
> attack.)
>
> We could create all this from scratch.  But, if there is a exploritory
> framework existing of client and server that we can modify with the
> specifics of our projects, I would appreciate knowing about it
>
> I have a little bit of experience with ruby on rails, so perhaps we can
> start with it.  But we could proceed with any framework and language.
>
> Regards,
>
> George Snead****
>
> _______________________________________________
> Committees-chairs mailing list
> Committees-chairs at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/committees-chairs
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/committees-chairs/attachments/20110928/6a28f591/attachment-0001.html 


More information about the Committees-chairs mailing list