Difference between revisions of "Security"

From ICO wiki
(Activity)
Line 80: Line 80:
 
* Second thing
 
* Second thing
  
 +
===Thursday - 28.03.13===
 +
 +
 +
===Friday - 29.03.13===
 +
 +
 +
===Saturday - 30.03.13===
 +
 +
 +
===Sunday - 31.03.13===
 +
 +
 +
===Monday - 01.04.13===
 +
'''NB! April fools' day!''' Beware!
 +
 +
===Tuesday - 02.04.13===
 +
 +
 +
===Wednesday - 03.04.13===
 +
 +
 +
===Thursday - 04.04.13===
 +
 +
 +
===Friday - 05.04.13===
 +
 +
 +
===Saturday - 06.04.13===
 +
Departure! Bye bye!
  
 
==Results==
 
==Results==

Revision as of 20:20, 27 March 2013

Team page for Deploying IT Infrastructure Solutions.

Team Members

  • Sten Aus, Estonian Information Technology College
  • Matis Palm, Estonian Information Technology College
  • Sandra Suviste, Estonian Information Technology College
  • Markus Rintamäki, Vaasa University of Applied Sciences
  • Tomas Lepistö, Vaasa University of Applied Sciences
  • Mika Salmela, Vaasa University of Applied Sciences
  • Kęstutis Tautvydas, Vilnius University of Applied Sciences
  • Jurij Lukjančikov, Vilnius University of Applied Sciences

Goal

  • OWASP top 10
  • HACK DVWA
  • BackTrack, SamuraiCD (Last year experience)
  • Scanning and testing tools - Qualys SSL Labs
  • Acunetix Web Vulnerability Scanner v.8
  • SubGraph Vega
  • BEAST attack
  • RC4

Activity

Monday - 25.03.13

Things we did that day

  • Lectures
  • Sumorobot programming
  • Dinner @ St Patricks

Tuesday - 26.03.13

Things we did that day

  • Documentation!

OWASP Top 10 tasks and who they were assigned to:

  • A1 Injection - Sandra
  • A2 Broken Authentication and Session Management (was formerly A3) - Kestutis
  • A3 Cross-Site Scripting (XSS) (was formerly A2) - Kestutis
  • A4 Insecure Direct Object References - Markus
  • A5 Security Misconfiguration (was formerly A6) - Tomas
  • A6 Sensitive Data Exposure (merged from former A7 Insecure Cryptographic Storage and former A9 Insufficient Transport Layer Protection) - Mika
  • A7 Missing Function Level Access Control (renamed/broadened from former A8 Failure to Restrict URL Access) - Sten
  • A8 Cross-Site Request Forgery (CSRF) (was formerly A5) - Matis
  • A9 Using Known Vulnerable Components (new, but was part of former A6 Security Misconfiguration) - Jurij
  • A10 Unvalidated Redirects and Forwards - Sten


Problems we faced:

  • Still need to get everyone a VM with DVWA running
  • Second problem

Things we plan to do:

  • Copy Paste
  • Divide OWASP tasks

Wednesday - 27.03.13

Things we did that day

  • First thing
  • Second thing

Problems we faced:

  • First problem
  • Second problem

Questions and answers from client:

  • First Question

Answer to question

  • Second Question

Answer to question

Things we plan to do:

  • First thing
  • Second thing

Thursday - 28.03.13

Friday - 29.03.13

Saturday - 30.03.13

Sunday - 31.03.13

Monday - 01.04.13

NB! April Fools' Day! Beware!

Tuesday - 02.04.13

Wednesday - 03.04.13

Thursday - 04.04.13

Friday - 05.04.13

Saturday - 06.04.13

Departure! Bye bye!

Results

Summary of what we did and the solution we developed

Final documentation

Analysis

Solution

IP Feedback

Sten Aus' feedback

Matis Palm's feedback

Sandra Suviste's feedback

Markus Rintamäki's feedback

Tomas Lepistö's feedback

Mika Salmela's feedback

Kęstutis Tautvydas's feedback

Jurij Lukjančikov's feedback