Security

Team page for Deploying IT Infrastructure Solutions.

Team Members

• Sten Aus, Estonian Information Technology College
• Matis Palm, Estonian Information Technology College
• Sandra Suviste, Estonian Information Technology College
• Markus Rintamäki, Vaasa University of Applied Sciences
• Tomas Lepistö, Vaasa University of Applied Sciences
• Mika Salmela, Vaasa University of Applied Sciences
• Kęstutis Tautvydas, Vilnius University of Applied Sciences
• Jurij Lukjančikov, Vilnius University of Applied Sciences

Goal

• OWASP top 10
• HACK DVWA
• BackTrack, SamuraiCD (Last year experience)
• Scanning and testing tools - Qualys SSL Labs
• Acunetix Web Vulnerability Scanner v.8
• SubGraph Vega
• BEAST attack
• RC4

Activity

Monday - 25.03.13

Things what we did that day

• Lectures
• Sumorobot programming
• Dinner @ St Patricks

Tuesday - 26.03.13

Things what we did that day

• Documentation!

 A1 Injection -  Sandra 

 A2 Broken Authentication and Session Management (was formerly A3) -  Kestutis 

 A3 Cross-Site Scripting (XSS) (was formerly A2) -  Kestutis 

 A4 Insecure Direct Object References -  Markus 

 A5 Security Misconfiguration (was formerly A6)-  Tomas  

 A6 Sensitive Data Exposure (merged from former A7 Insecure Cryptographic Storage and former A9 Insufficient Transport Layer Protection) -  Mika 

 A7 Missing Function Level Access Control (renamed/broadened from former A8 Failure to Restrict URL Access) -  Sten 

 A8 Cross-Site Request Forgery (CSRF) (was formerly A5) -  Matis 

 A9 Using Known Vulnerable Components (new but was part of former A6 – Security Misconfiguration)

- Jurij

 A10 Unvalidated Redirects and Forwards -  Sten 

Problems what we faced:

• Still need to get everyone a VM with DVWA running
• Second problem

Things what we plan to do:

• Copy Paste
• Divide OWASP tasks

Wednesday - 27.03.13

Things what we did that day

• First thing
• Second thing

Problems what we faced:

• First problem
• Second problem

Questions and answers from client:

• First Question

Answer to question

• Second Question

Answer to question

Things what we plan to do:

• First thing
• Second thing

Results

Summary of what we did and solution what we developed

Final documentation

Analysis

Solution

IP Feed-back

Member 1 feedback

I liked this and that.

Member 2 feedback

I liked this and that. Didn't like.