[Owasp-austin] Austin OWASP Study Group topic - OWASP Hacking Lab training

Matt Pardo mpardo at velocitystorm.com
Sun Feb 28 23:10:32 UTC 2016

Hi Austin OWASP,

Our next study group topic has been chosen. We will be going through the OWASP Hacking Lab at https://www.hacking-lab.com/index.html

We will be starting with the OWASP Top Ten challenge first. So, we will be learning about the mechanics of each vulnerability and how they are exploited.

These include:

1) SQL injection
2) Cross-site scripting (XSS)
3) Broken authentication & session management
4) Insecure direct object references
5) Cross site request forger (CSRF)
6) Security misconfiguration
7) Insecure cryptographic storage
8) Failure to restrict URL access
9) Insufficient transport layer protection
10) Unvalidated redirects & forwards.

Our first meeting on March 3 will be making sure everyone is reading to go, i.e. they have an account and can get connected to the labs.

People who want to participate will need to do the following:

1) Go to https://www.hacking-lab.com/index.html and register an account
2) Go to security events and click "Register Now" for the OWASP Top Ten challenge
3) Go to the download section and select the download option you want. You can download a virtual machine (vmware, virtualbox) or a live CD iso. It is important to use one of their images because you will need to make a VPN connection to their labs in order to work on the challenges.

This should be a ton of fun!

Email me if you have any questions.


Matt Pardo

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-austin/attachments/20160228/d4c6ae0a/attachment.html>

More information about the Owasp-austin mailing list