[Owasp-austin] Study Group Today

David Hughes david.hughes at owasp.org
Wed Jul 25 14:22:18 UTC 2012


All,

For study group today, I'd like to have a brainstorming session to
discuss the direction of the group. I had planned to do this last week
but instead decided that the time would be better served letting Josh
present on something he's working on for a conference. It fit perfectly
into what we think the study group should look like from now on. 

I'd also like to talk a bit about technical challenges. How best to
create a good lab environment, etc.

Here are some talking points we are going to discuss:

1. The study group should be participant-led. Remember, it's not a
class, it's a study group. We in the OWASP leadership want to be there
to help where we can, but we do not lead or proctor the class. We are
participants like you and lead, like you, when we are presenting or
piloting discussions.

2. Topics. I'd like everyone to start thinking about topics you'd like
to bring to the table. Do we want to do another series? I've had a LOT
of requests it seems for Metasploit. Last week we brought up the book
Practical Malware Analysis. I think both topics would allow for lots of
hands-on experience.  But maybe we want to steer away from longer series
for a time.  But when we do a series, the group should lead. Each week a
different person should be serving as somewhat of a guide. (Not
necessarily a teacher).

3. We'd like everyone to be involved. I think we have a lot of smart
people who have something to contribute.

4. Got a problem? Bring it to the group. 

I think I can express how we'd like the study group to work best by
painting a fictional "picture" as an example (The names have been
changed to protect my poor recollection of actual names. :-) )

***********************************

Week One: Mike does a presentation on using a debugger in reverse
engineering. The topic stirs a lot of conversation and runs long so we
decide to extend it for another week. Doug's presentation on cross-site
scripting is moved to week three.

Week Two: More debugging. A side discussion on using Metasploit to
generate shell code pops up for the remainder of the hour. We decide to
do a future lab session where we get hands-on experience creating shell
code with MSF.

Week Three: Doug, having had more time to prepare XSS, has set up a
vulnerable server application to demonstrate XSS.

Week Four: We had a discussion planned regarding XSRF led by Phil. He
decided he needed more time, so instead we had a group discussion about
various topics such as good Security Podcasts, recent books, and future
plans to do a series on the book Practical Malware Analysis.  We also
discussed helping each other prepare resumes for job searches.

Week Five: Phil does a presentation on XSRF. This was followed by a lot
of questions and good discussion.

Week Six: Linda presents on the topic: Writing Ruby modules for
Metasploit. Good discussion. We decided that maybe we also needed
something to help us with our scripting skills. A series perhaps? Some
good Ruby resources were shared.

Week Seven: We decide to do a short "basics of Ruby" series to help
provide us some basic scripting skills. A friendly debate breaks out
regarding Ruby vs. Python vs. Perl. We decide on Ruby and the book
"Programming Ruby."

Weeks Eight thru Twenty-One: We cover the Programming Ruby book. Each
person in class chooses a chapter in the book to lead.

Week Twenty-Two: We decide to create a project based on our new Ruby
skills.

etc.


Bring your thoughts and ideas!

David H.


