[OWASP-Philadelphia] Philadelphia OWASP Meeting 1/8

Justin C. Klein Keane jukeane at sas.upenn.edu
Mon Dec 17 14:56:42 UTC 2012

Hash: SHA1


  my pleasure.  I'm getting to play with stuff like Twitter Bootstrap
and PhantomJS to put it together and I'm going to test out some
testing tools like OWASP ZAP and W3AF against it as well so I should
get some good exposure to using more tools :)

Justin C. Klein Keane, MA MCIT
Senior Information Security Specialist
University of Pennsylvania, School of Arts & Sciences

The PGP signature on this email can be verified using the public key at

On 12/17/2012 09:36 AM, Aaron Weaver wrote:
> Thanks for putting this together. Looking forward to the CTF.
> On Mon, Dec 17, 2012 at 9:05 AM, Justin C. Klein Keane 
> <jukeane at sas.upenn.edu <mailto:jukeane at sas.upenn.edu>> wrote:
> Hello all,
> TLDR: Please RSVP to jukeane at sas.upenn.edu 
> <mailto:jukeane at sas.upenn.edu> if you plan to attend the January
> meeting, which will be held on Penn's campus in Fisher Bennet hall
> (at the corner of 34th and Walnut) room 224.
> I've tallied the votes for the topic of our 1/8 meeting and there 
> were no offers from other speakers or suggestions for alternative 
> topics.  Folks voted for just two topics, with capture the flag
> (CTF) getting the most votes, the rest for a discussion of tools.
> I'm working on finishing the capture the flag, which will actually 
> focus on a number of tools used for testing.  The CTF follows the 
> format of others I've done in the past 
> (https://sourceforge.net/projects/lampsecurity/files/CaptureTheFlag/).
The exercise will consist of a VMWare virtual machine image along
> with a PDF of documentation for one potential route to compromise
> the target.  The target is a fully working server with a complete
> LAMP stack including a vulnerable web application.  This CTF should
> be fun because I'm going to use PhantomJS to simulate users
> interacting with any web applications installed on the target
> (making XSS attacks valid).
> In order to make the most of the exercise you should bring a
> laptop with something capable of running a VMWare image (VMWare
> Player (free), Workstation, Fusion, or even VirtualBox (free)).
> I'll post the exercise (including the target and documentation) up
> on SourceForge following the meeting for folks who can't make it.
> As I'm going to try to bring CDs with the target VMWare image I'll 
> need to know how many to make.  If you plan to attend please e-mail
> me at jukeane at sas.upenn.edu <mailto:jukeane at sas.upenn.edu> so I
> know how many to burn.
> Have a happy holidays and hope to see you all in January.
> Cheers,
> _______________________________________________ OWASP-Philadelphia
> mailing list OWASP-Philadelphia at lists.owasp.org 
> <mailto:OWASP-Philadelphia at lists.owasp.org> 
> https://lists.owasp.org/mailman/listinfo/owasp-philadelphia
> _______________________________________________ OWASP-Philadelphia
> mailing list OWASP-Philadelphia at lists.owasp.org 
> https://lists.owasp.org/mailman/listinfo/owasp-philadelphia
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/


More information about the OWASP-Philadelphia mailing list