Security: Difference between revisions
Revision as of 16:18, 26 March 2013
Team page for Deploying IT Infrastructure Solutions.
Team Members
- Sten Aus, Estonian Information Technology College
- Matis Palm, Estonian Information Technology College
- Sandra Suviste, Estonian Information Technology College
- Markus Rintamäki, Vaasa University of Applied Sciences
- Tomas Lepistö, Vaasa University of Applied Sciences
- Mika Salmela, Vaasa University of Applied Sciences
- Kęstutis Tautvydas, Vilnius University of Applied Sciences
- Jurij Lukjančikov, Vilnius University of Applied Sciences
Goal
- OWASP top 10
- HACK DVWA
- BackTrack, SamuraiCD (Last year experience)
- Scanning and testing tools - Qualys SSL Labs
- Acunetix Web Vulnerability Scanner v.8
- SubGraph Vega
- BEAST attack
- RC4
Activity
Monday - 25.03.13
Things we did that day
- Lectures
- Sumorobot programming
- Dinner @ St Patricks
Tuesday - 26.03.13
Things we did that day
- Documentation!
A1 Injection - Sandra
A2 Broken Authentication and Session Management (was formerly A3) - Kestutis
A3 Cross-Site Scripting (XSS) (was formerly A2) - Kestutis
A4 Insecure Direct Object References - Markus
A5 Security Misconfiguration (was formerly A6) - Tomas
A6 Sensitive Data Exposure (merged from former A7 Insecure Cryptographic Storage and former A9 Insufficient Transport Layer Protection) - Mika
A7 Missing Function Level Access Control (renamed/broadened from former A8 Failure to Restrict URL Access) - Sten
A8 Cross-Site Request Forgery (CSRF) (was formerly A5) - Matis
A9 Using Known Vulnerable Components (new, but was part of former A6 Security Misconfiguration) - Jurij
A10 Unvalidated Redirects and Forwards - Sten
Problems we faced:
- Still need to get everyone a VM with DVWA running
- Second problem
Things we plan to do:
- Copy Paste
- Divide OWASP tasks
Wednesday - 27.03.13
Things we did that day
- First thing
- Second thing
Problems we faced:
- First problem
- Second problem
Questions and answers from client:
- First Question
Answer to question
- Second Question
Answer to question
Things we plan to do:
- First thing
- Second thing
Results
Summary of what we did and the solution we developed
Final documentation
Analysis
Solution
IP Feedback
Member 1 feedback
I liked this and that.
Member 2 feedback
I liked this and that. Didn't like.