[Owasp-austin] Study Group Today

David Hughes david.hughes at owasp.org
Wed Jul 25 14:27:00 UTC 2012


Sorry, for those new to the group:

We're meeting as usual at National Instruments, Building A, Room 234
across from the
cafeteria entrance (The one next door to the one we've been using) for
the next two weeks.  Will be back in 217 after that.


DH


On 07/25/2012 09:22 AM, David Hughes wrote:
> All,
>
> For study group today, I'd like to have a brainstorming session to
> discuss the direction of the group. I had planned to do this last week
> but instead decided that the time would be better served letting Josh
> present on something he's working on for a conference. It fit perfectly
> into what we think the study group should look like from now on. 
>
> I'd also like to talk a bit about technical challenges. How best to
> create a good lab environment, etc.
>
> Here's some talking points we are going to discuss:
>
> 1. The study group should be participant-led. Remember, it's not a
> class, it's a study group. We in the OWASP leadership want to be there
> to help where we can, but we do not lead or proctor the class. We are
> participants like you and lead, like you, when we are presenting or
> piloting discussions.
>
> 2. Topics. I'd like everyone to start thinking about topics you'd like
> to bring to the table. Do we want to do another series? I've had a LOT
> of requests it seems for Metasploit. Last week we brought up the book
> Practical Malware Analysis. I think both topics would allow for lots of
> hands-on experience.  But maybe we want to steer away from longer series
> for a time.  But when we do a series, the group should lead. Each week a
> different person should be serving as somewhat of a guide. (Not
> necessarily a teacher).
>
> 3. We'd like everyone to be involved. I think we have a lot of smart
> people who have something to contribute.
>
> 4. Got a problem? Bring it to the group. 
>
> I think I can express how we'd like the study group to work best by
> painting a fictional "picture" as an example (The names have been
> changed to protect my poor recollection of actual names. :-) )
>
> ***********************************
>
> Week One: Mike does a presentation on using a debugger in reverse
> engineering. The topic stirs a lot of conversation and runs long so we
> decide to extend it for another week. Doug's presentation on cross-site
> scripting is moved to week three.
>
> Week Two: More debugging. A side discussion on using Metasploit to
> generate shell code pops up for the remainder of the hour. We decide to
> do a future lab session where we get hands-on experience creating shell
> code with MSF.
>
> Week Three: Doug, having had more time to prepare XSS has set up a
> vulnerable server application to demonstrate XSS.
>
> Week Four: We had a discussion planned regarding XSRF led by Phil. He
> decided he needed more time, so instead we had a group discussion about
> various topics such as good Security Podcasts, recent books, and future
> plans to do a series on the book Practical Malware Analysis.  We also
> discussed helping each prepare resumes for job searches.
>
> Week Five: Phil does a presentation on XSRF. This was followed by a lot
> of questions and good discussion.
>
> Week Six: Linda presents on the topic: Writing Ruby modules for
> Metasploit. Good discussion. We decided that maybe we also needed
> something to help us with our scripting skills. A series perhaps? Some
> good Ruby resources were shared.
>
> Week Seven: We decide to do a short "basics of Ruby" series to help
> provide us some basic scripting skills. A friendly debate breaks out
> regarding Ruby vs. Python vs. Perl. We decide on Ruby and the book
> "Programming Ruby"
>
> Week Eight thru Twenty-One, we cover the Programming Ruby book. Each
> person in class chooses a chapter in the book to lead.
>
> Week twenty-two: We decide to create a project based on our new Ruby
> skills.
>
> etc.
>
>
> Bring your thoughts and ideas!
>
> David H.
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-austin/attachments/20120725/773ee0b0/attachment.html>


More information about the Owasp-austin mailing list