[Owasp-portland] How to (FLOSS)Hack

Tim tim.morgan at owasp.org
Tue Jan 1 22:54:56 UTC 2013


Happy New Year! I hope everyone had a good holiday season.

The first FLOSSHack this past summer was very successful in that we
uncovered many flaws and helped Ushahidi out a lot with their
software.  However, the event was less successful in that we didn't
provide many opportunities for less experienced participants to learn
what they should be looking for when auditing the code or attacking
the application.  Part of the reason for this was that so many
experienced people showed up and it became difficult to juggle the
incoming bug reports and discussions with setting aside time for the
folks who needed help.

For the next FLOSSHack, I have been thinking we should add a tutorial
session a week or so before the work shop.  This would give less
experienced folks a chance to learn about a few specific classes of
vulnerabilities that will be relevant when testing the target
application.  Then by the time the workshop rolls around, we'll can
all be more focused on finding bugs and winning prizes.

I should be able to throw together a short tutorial session next week,
but I need to know how many of you would be interested in attending.
I won't bother with it if there aren't many takers.  So if you are
interested, *please* put in the days that would work best for you on
this Doodle poll:
  http://www.doodle.com/qcs6bvdnvh4bv88x

For the weekdays, we would have the session in the evening.  I would
expect this to last about 1-2 hours.

Thanks!
tim


PS - Please let me know if any of you would be interested in providing
a short introduction to XSS, XXE, SQLi, directory traversal, or any
other relevant vulnerability classes.


More information about the Owasp-portland mailing list