[Owasp-rhodeisland] OWASP RI: April 16, 6:30 pm, Broken Web Apps Project

Patrick Laverty patrick.laverty at owasp.org
Tue Apr 1 18:57:09 UTC 2014

Hi all-

On Wednesday April 16 at 6:30 pm, we will have Mordecai Kraushar to talk
about the OWASP Broken Web Applications (BWA) Project. If you've ever
wanted to learn how to research web application security vulnerabilities
but don't know what site to practice on, then this talk is for you!

The presentation will include a demonstration of some of the realistic,
vulnerable web applications within the OWASP BWA project, including
applications written in PERL, PHP and Rails.

The presentation will demonstrate the many benefits of such vulnerable

· Testing web application scanners (people)
· Testing web application scanners (products)
· Testing source code analysis tools
· Examining code that allows the vulnerabilities
· Testing web application firewalls
· Reviewing evidence left by attacks

Mordecai Kraushar is Director of Audit for CipherTechs, a security solutions
company based in New York City. He leads an OWASP project called Vicnum
(it is part of the OWASPBWA project), which demonstrates vulnerabilities
such as cross-site scripting, SQL injections and session management issues
that are helpful to IT auditors developing web security skills. This
application has also been used in multiple 'capture the flag' challenges
including the Breaking Bad CTF at AppSecUSA in New York this past November.


The meeting will be held at Swipely (https://www.swipely.com), 10 Dorrance
St, 9th Floor at 6:30 pm. Please RSVP to patrick.laverty at owasp.org so the
lobby security guard will let you up quickly.

Lastly, May's meeting will be on May 7 and it will be about xssValidator.
xssValidator is a tool developed to automate the testing and validation of
Cross-Site Scripting (XSS) vulnerabilities within web applications.

Thanks all, hope to see you on the 16th!
