[Committees-chairs] FW: Attention to supporters of student projects on your website.
jim.manico at owasp.org
Thu Sep 29 14:30:44 EDT 2011
Have him kick this to the leaders list, or maybe we need to start a
general "WebAppSec" list for questions like this?
I want "the community" to answer....
> Chairs, any suggestions on where to forward this request?
> Kate Hartmann
> Operations Director
> www.owasp.org <http://www.owasp.org/>
> Skype: Kate.hartmann1
> *From:*George Snead [mailto:gsnead1 at students.towson.edu]
> *Sent:* Tuesday, September 27, 2011 6:36 PM
> *To:* owasp at owasp.org
> *Subject:* Attention to supporters of student projects on your website.
> First of all, thank you for organizing the topic list on application
> security and the articles and videos to explain the concepts, attacks
> and vulnerabilities.
> I'm not as fluent as I would like to be in creating clients and
> servers, but I am an old-line programmer who can work out the
> programming part of a project.
> I'm writing for your advice on creating a test configuration to
> exploit a vulnerability with a particular attack (we have not yet
> decided on a particular attack). I would like to carry out our study
> in a 'sandbox' test configuration consisting of a network, white hat
> victim client, a black hat aggressor, a server which offers a very
> simple service (kind of a 'hello world' service). We need access to
> the source code for client and server in order to create the
> vulnerability and attack. We need enough functionality to discover
> the attack through logs (alternatively, our distressed white hat
> client reports a 'rip-off' and the server realizes he needs to report
> sufficient information about the transaction flow in the log to
> discover the attack.)
> We could create all this from scratch. But, if there is a exploritory
> framework existing of client and server that we can modify with the
> specifics of our projects, I would appreciate knowing about it
> I have a little bit of experience with ruby on rails, so perhaps we
> can start with it. But we could proceed with any framework and language.
> George Snead
> Committees-chairs mailing list
> Committees-chairs at lists.owasp.org
Connections Committee Chair
Cheatsheet Series Product Manager
OWASP Podcast Producer/Host
jim at owasp.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Committees-chairs