[OWASP-Philadelphia] Philadelphia OWASP Meeting 1/8

Justin C. Klein Keane jukeane at sas.upenn.edu
Mon Dec 17 14:56:42 UTC 2012


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hey,

  my pleasure.  I'm getting to play with stuff like Twitter Bootstrap
and PhantomJS to put it together and I'm going to test out some
testing tools like OWASP ZAP and W3AF against it as well so I should
get some good exposure to using more tools :)

Justin C. Klein Keane, MA MCIT
Senior Information Security Specialist
University of Pennsylvania, School of Arts & Sciences

The PGP signature on this email can be verified using the public key at
https://sites.sas.upenn.edu/kleinkeane

On 12/17/2012 09:36 AM, Aaron Weaver wrote:
> Thanks for putting this together. Looking forward to the CTF.
> 
> On Mon, Dec 17, 2012 at 9:05 AM, Justin C. Klein Keane 
> <jukeane at sas.upenn.edu <mailto:jukeane at sas.upenn.edu>> wrote:
> 
> Hello all,
> 
> TLDR: Please RSVP to jukeane at sas.upenn.edu 
> <mailto:jukeane at sas.upenn.edu> if you plan to attend the January
> meeting, which will be held on Penn's campus in Fisher Bennet hall
> (at the corner of 34th and Walnut) room 224.
> 
> I've tallied the votes for the topic of our 1/8 meeting and there 
> were no offers from other speakers or suggestions for alternative 
> topics.  Folks voted for just two topics, with capture the flag
> (CTF) getting the most votes, the rest for a discussion of tools.
> 
> I'm working on finishing the capture the flag, which will actually 
> focus on a number of tools used for testing.  The CTF follows the 
> format of others I've done in the past 
> (https://sourceforge.net/projects/lampsecurity/files/CaptureTheFlag/).
>
> 
The exercise will consist of a VMWare virtual machine image along
> with a PDF of documentation for one potential route to compromise
> the target.  The target is a fully working server with a complete
> LAMP stack including a vulnerable web application.  This CTF should
> be fun because I'm going to use PhantomJS to simulate users
> interacting with any web applications installed on the target
> (making XSS attacks valid).
> 
> In order to make the most of the exercise you should bring a
> laptop with something capable of running a VMWare image (VMWare
> Player (free), Workstation, Fusion, or even VirtualBox (free)).
> I'll post the exercise (including the target and documentation) up
> on SourceForge following the meeting for folks who can't make it.
> 
> As I'm going to try to bring CDs with the target VMWare image I'll 
> need to know how many to make.  If you plan to attend please e-mail
> me at jukeane at sas.upenn.edu <mailto:jukeane at sas.upenn.edu> so I
> know how many to burn.
> 
> Have a happy holidays and hope to see you all in January.
> 
> Cheers,
> 
> _______________________________________________ OWASP-Philadelphia
> mailing list OWASP-Philadelphia at lists.owasp.org 
> <mailto:OWASP-Philadelphia at lists.owasp.org> 
> https://lists.owasp.org/mailman/listinfo/owasp-philadelphia
> 
> 
> 
> 
> _______________________________________________ OWASP-Philadelphia
> mailing list OWASP-Philadelphia at lists.owasp.org 
> https://lists.owasp.org/mailman/listinfo/owasp-philadelphia
> 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/

iQIcBAEBAgAGBQJQzzKqAAoJEIH7slQlJAgKlysP/32WwaGcFUW0yp3y7cOY2H+m
vALnRmP7h2pYTYpheVkj4wGRG5qKcBEKVok25ZLYuPSAWNCEYlCt9S+3Nt+o6TvC
JhZ8sKrlmNdi91aqs5fJ4SoO0C/lGhRhyNeVN9ZjkVf51TO9bfTpm9iNd3z6Ixyh
wlQ4ZHUo7hcOLArx+0auB9J0inIQtGw8tiiinz6k1W2/W4r0WUHqxgWJlux6Ft0k
dj+LK1zW69ABTNlnQRUHuko5AnpSlGZQfSDV1kBLdLYAFX+s94GC98cStmMJ8Ah9
Nuv/HJB8XTV78qwvfeD+QUkqmLW3mADq4Bm7yzs54odcuEJjBpWv4MGKRJ7TyR7F
Jp2rCmkc/SY/Hekot4REuQpdTJVQB1lcTWtPqSLaI4sG401aDtmDDG1Tt2PS5F0U
JdmIU0CeDPhQcuMdXxha7kxoqCl3pNWnIBmycNqNb+2Gi8E8w+osLvg05IeMZ8lk
vNLxXgAcBJElj95MjWe7J5ZVnBtNpnd9pdnfXPP+iUdtedxZGC7PdzrJnx0zIETv
qh98UyfMT4ok4RMtPLArLe01Y28C4ajPqO+tfmmm7nJo1aLmVNbU9zMD8mh6HrMa
QWGANtKNAcjf/mKIUCuB2kNwGI9ub6cED47mrJfCSPJ84J4JE2nAlGMP2TGcoXrw
XM0UfCaWedOYb9YFxHCe
=rTsf
-----END PGP SIGNATURE-----


More information about the OWASP-Philadelphia mailing list