[Owasp-Recife] Fwd: Free Apache Struts Web Security Challenge

Caio Dias caio.dias at owasp.org
Thu Mar 15 12:08:14 UTC 2012


Repassando...

---------- Forwarded message ----------
From: Ivan Buetler <ivan.buetler at owasp.org>
Date: Wed, Mar 14, 2012 at 3:41 PM
Subject: Free Apache Struts Web Security Challenge
To: owasp-leaders <owasp-leaders at owasp.org>


Dear OWASP leaders,

As you might know, Hacking-Lab is providing free OWASP TOP 10 hands-on
challenges to the OWASP community. This is an inner service of GEC (Global
Education Commitee) as part of the Academy Portal project.

Vulnerabilities within used frameworks and libraries, like the Apache
Struts vulnerability do not have a prominent place with the OWASP TOP 10
list, but very important because of it's remote code execution
characteristic. Hacking-Lab has written a vulnerable Apache Struts service
and a tutorial video. Check it out.

I think it is important to discuss library and dependency risks.

Please watch the tutorial here:
* http://media.hacking-lab.com/movies/struts2/

Please read more about the Apache vulnerability here
* http://struts.apache.org/2.x/docs/s2-009.html

Please try it our, mess around in Hacking-Lab (if you like, it's free!)
* https://www.hacking-lab.com/events/registerform.html?eventid=199

Looking forward to hearing from you
Ivan Buetler, Switzerland





-- 
Caio Dias
<https://about.me/caiodias> https://about.me/caiodias
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-recife/attachments/20120315/4798e975/attachment.html>


More information about the Owasp-recife mailing list