[OWASP-Philadelphia] Next OWASP Meeting, Tuesday the 15th at Radeon 1500 Market St. 32nd Floor

Aaron Weaver aaron.weaver2 at gmail.com
Mon Dec 7 22:58:50 UTC 2015

Hi all,

Come and join us next week while we eat pizza, hack web apps and learn
about secure coding. Please RSVP
for entering the building and so that we can have a count for ordering food.

*Hands on Hacking with OWASP Security Shepherd*

Come and try out one of OWASP's latest projects, OWASP Security Shepherd.
It's a web app designed for AppSec novices or experienced testers to help
sharpen penetration testing skills. Security Shepherd has a built in leader
board and creates a great competitive environment.

Participants should bring their laptops. No previous experience of hacking
web sites is required (in fact the tool starts the user from basic hacks up
to the most advanced). Those without laptops can still attend and learn
about the tool and hacking techniques involved. Participants can also form
teams to share their laptops and hack the site faster.

*Game of Hacks: The Mother of All Honeypots*

We created a “Game of Hacks” – a viral Web app marketed as a tool to train
developers on secure coding – with the intention of building a honeypot.
During a 6-month timeframe, we witnessed each attack that came at this
game, secured the app against it and studied how attackers adapted to the
mitigation measures. The lessons learnt can be applied to any Web app
introduced into the organization.

How do hackers adjust, in real-time, to various strengthening measures of
Web apps? We set to answer this question through an interactive Web app
honeypot. For the honeypot, we created a viral Web-based gaming
application. However, the lessons learnt could be applied to any Web

Aptly called “The Game of Hacks”, our gaming app was marketed as a tool to
train developers to write secure code. The app presented users a piece of
vulnerable code and a set of multiple choice questions from which the user
had to choose the correct vulnerability – in the minimal amount of time.
Storing a central database, the app kept a scoreboard of all players,
displaying the top winners. Additionally, the app was built on
crowd-sourcing capabilities where users could contribute their own piece of
code and questions.


1500 Market St. 32nd Floor, East Tower Philadelphia, PA 19103

Share this event on Facebook
 and Twitter

We hope you can make it!

OWASP Philadelphia

Aaron Weaver
Philadelphia OWASP Chapter Lead
OWASP AppSec Pipeline Lead
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-philadelphia/attachments/20151207/fa0fee8a/attachment.html>

More information about the OWASP-Philadelphia mailing list