[OWASP-Philadelphia] Philadelphia OWASP Meeting 1/8
Justin C. Klein Keane
jukeane at sas.upenn.edu
Mon Dec 17 14:05:22 UTC 2012
-----BEGIN PGP SIGNED MESSAGE-----
TLDR: Please RSVP to jukeane at sas.upenn.edu if you plan to attend the
January meeting, which will be held on Penn's campus in Fisher Bennet
hall (at the corner of 34th and Walnut) room 224.
I've tallied the votes for the topic of our 1/8 meeting and there
were no offers from other speakers or suggestions for alternative
topics. Folks voted for just two topics, with capture the flag (CTF)
getting the most votes, the rest for a discussion of tools.
I'm working on finishing the capture the flag, which will actually
focus on a number of tools used for testing. The CTF follows the
format of others I've done in the past
The exercise will consist of a VMWare virtual machine image along
with a PDF of documentation for one potential route to compromise the
target. The target is a fully working server with a complete LAMP
stack including a vulnerable web application. This CTF should be fun
because I'm going to use PhantomJS to simulate users interacting with
any web applications installed on the target (making XSS attacks valid).
In order to make the most of the exercise you should bring a laptop
with something capable of running a VMWare image (VMWare Player
(free), Workstation, Fusion, or even VirtualBox (free)). I'll post
the exercise (including the target and documentation) up on
SourceForge following the meeting for folks who can't make it.
As I'm going to try to bring CDs with the target VMWare image I'll
need to know how many to make. If you plan to attend please e-mail me
at jukeane at sas.upenn.edu so I know how many to burn.
Have a happy holidays and hope to see you all in January.
Justin C. Klein Keane, MA MCIT
Senior Information Security Specialist
University of Pennsylvania, School of Arts & Sciences
The PGP signature on this email can be verified using the public key at
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/
-----END PGP SIGNATURE-----
More information about the OWASP-Philadelphia