Security: Difference between revisions
No edit summary |
|||
| Line 91: | Line 91: | ||
==IP Feed-back== | ==IP Feed-back== | ||
=== | ===Sten Aus' feedback=== | ||
=== | |||
===Matis Palm's feedback=== | |||
===Sandra Suviste's feedback=== | |||
===Markus Rintamäki's feedback=== | |||
===Tomas Lepistö's feedback=== | |||
===Mika Salmela's feedback=== | |||
===Kęstutis Tautvydas's feedback=== | |||
===Jurij Lukjančikov's feedback=== | |||
Revision as of 20:17, 27 March 2013
Team page for Deploying IT Infrastructure Solutions.
Team Members
- Sten Aus, Estonian Information Technology College
- Matis Palm, Estonian Information Technology College
- Sandra Suviste, Estonian Information Technology College
- Markus Rintamäki, Vaasa University of Applied Sciences
- Tomas Lepistö, Vaasa University of Applied Sciences
- Mika Salmela, Vaasa University of Applied Sciences
- Kęstutis Tautvydas, Vilnius University of Applied Sciences
- Jurij Lukjančikov, Vilnius University of Applied Sciences
Goal
- OWASP top 10
- HACK DVWA
- BackTrack, SamuraiCD (Last year experience)
- Scanning and testing tools - Qualys SSL Labs
- Acunetix Web Vulnerability Scanner v.8
- SubGraph Vega
- BEAST attack
- RC4
Activity
Monday - 25.03.13
Things what we did that day
- Lectures
- Sumorobot programming
- Dinner @ St Patricks
Tuesday - 26.03.13
Things what we did that day
- Documentation!
A1 Injection - Sandra
A2 Broken Authentication and Session Management (was formerly A3) - Kestutis
A3 Cross-Site Scripting (XSS) (was formerly A2) - Kestutis
A4 Insecure Direct Object References - Markus
A5 Security Misconfiguration (was formerly A6)- Tomas
A6 Sensitive Data Exposure (merged from former A7 Insecure Cryptographic Storage and former A9 Insufficient Transport Layer Protection) - Mika
A7 Missing Function Level Access Control (renamed/broadened from former A8 Failure to Restrict URL Access) - Sten
A8 Cross-Site Request Forgery (CSRF) (was formerly A5) - Matis
A9 Using Known Vulnerable Components (new but was part of former A6 – Security Misconfiguration) - Jurij
A10 Unvalidated Redirects and Forwards - Sten
Problems what we faced:
- Still need to get everyone a VM with DVWA running
- Second problem
Things what we plan to do:
- Copy Paste
- Divide OWASP tasks
Wednesday - 27.03.13
Things what we did that day
- First thing
- Second thing
Problems what we faced:
- First problem
- Second problem
Questions and answers from client:
- First Question
Answer to question
- Second Question
Answer to question
Things what we plan to do:
- First thing
- Second thing
Results
Summary of what we did and solution what we developed
