Security: Difference between revisions
Revision as of 19:20, 27 March 2013
Team page for Deploying IT Infrastructure Solutions.
Team Members
- Sten Aus, Estonian Information Technology College
- Matis Palm, Estonian Information Technology College
- Sandra Suviste, Estonian Information Technology College
- Markus Rintamäki, Vaasa University of Applied Sciences
- Tomas Lepistö, Vaasa University of Applied Sciences
- Mika Salmela, Vaasa University of Applied Sciences
- Kęstutis Tautvydas, Vilnius University of Applied Sciences
- Jurij Lukjančikov, Vilnius University of Applied Sciences
Goal
- OWASP top 10
- HACK DVWA
- BackTrack, SamuraiCD (last year's experience)
- Scanning and testing tools - Qualys SSL Labs
- Acunetix Web Vulnerability Scanner v.8
- SubGraph Vega
- BEAST attack
- RC4
Activity
Monday - 25.03.13
Things we did that day
- Lectures
- Sumorobot programming
- Dinner @ St Patricks
Tuesday - 26.03.13
Things we did that day
- Documentation!
A1 Injection - Sandra
A2 Broken Authentication and Session Management (was formerly A3) - Kestutis
A3 Cross-Site Scripting (XSS) (was formerly A2) - Kestutis
A4 Insecure Direct Object References - Markus
A5 Security Misconfiguration (was formerly A6) - Tomas
A6 Sensitive Data Exposure (merged from former A7 Insecure Cryptographic Storage and former A9 Insufficient Transport Layer Protection) - Mika
A7 Missing Function Level Access Control (renamed/broadened from former A8 Failure to Restrict URL Access) - Sten
A8 Cross-Site Request Forgery (CSRF) (was formerly A5) - Matis
A9 Using Known Vulnerable Components (new but was part of former A6 – Security Misconfiguration) - Jurij
A10 Unvalidated Redirects and Forwards - Sten
Problems we faced:
- Still need to get everyone a VM with DVWA running
- Second problem
Things we plan to do:
- Copy Paste
- Divide OWASP tasks
Wednesday - 27.03.13
Things we did that day
- First thing
- Second thing
Problems we faced:
- First problem
- Second problem
Questions and answers from client:
- First Question
Answer to question
- Second Question
Answer to question
Things we plan to do:
- First thing
- Second thing
Thursday - 28.03.13
Friday - 29.03.13
Saturday - 30.03.13
Sunday - 31.03.13
Monday - 01.04.13
NB! April Fools' Day! Beware!
Tuesday - 02.04.13
Wednesday - 03.04.13
Thursday - 04.04.13
Friday - 05.04.13
Saturday - 06.04.13
Departure! Bye bye!
Results
Summary of what we did and the solution we developed