Security

From ICO wiki

Team page for Deploying IT Infrastructure Solutions.

Team Members

  • Sten Aus Estonian Information Technology College
  • Matis Palm Estonian Information Technology College
  • Sandra Suviste Estonian Information Technology College
  • Markus Rintamäki Vaasa University of Applied Sciences
  • Tomas Lepistö Vaasa University of Applied Sciences
  • Mika Salmela Vaasa University of Applied Sciences
  • Kęstutis Tautvydas Vilnius University of Applied Sciences
  • Jurij Lukjančikov Vilnius University of Applied Sciences

Goal

  • OWASP top 10
  • HACK DVWA
  • BackTrack, SamuraiCD (last year's experience)
  • Scanning and testing tools - Qualys SSL Labs
  • Acunetix Web Vulnerability Scanner v.8
  • SubGraph Vega
  • BEAST attack
  • RC4

Activity

Monday - 25.03.13

Things we did that day

  • Lectures
  • Sumorobot programming
  • Dinner @ St Patricks

Tuesday - 26.03.13

Things we did that day

  • Documentation!
      • A1 Injection - Sandra
      • A2 Broken Authentication and Session Management (was formerly A3) - Kestutis
      • A3 Cross-Site Scripting (XSS) (was formerly A2) - Kestutis
      • A4 Insecure Direct Object References - Markus
      • A5 Security Misconfiguration (was formerly A6) - Tomas
      • A6 Sensitive Data Exposure (merged from former A7 Insecure Cryptographic Storage and former A9 Insufficient Transport Layer Protection) - Mika
      • A7 Missing Function Level Access Control (renamed/broadened from former A8 Failure to Restrict URL Access) - Sten
      • A8 Cross-Site Request Forgery (CSRF) (was formerly A5) - Matis
      • A9 Using Known Vulnerable Components (new but was part of former A6 – Security Misconfiguration) - Jurij
      • A10 Unvalidated Redirects and Forwards - Sten


Problems we faced:

  • Still need to get everyone a VM with DVWA running
  • Second problem

Things we plan to do:

  • Copy Paste
  • Divide OWASP tasks

Wednesday - 27.03.13

Things we did that day

  • First thing
  • Second thing

Problems we faced:

  • First problem
  • Second problem

Questions and answers from client:

  • First Question

Answer to question

  • Second Question

Answer to question

Things we plan to do:

  • First thing
  • Second thing


Results

Summary of what we did and the solution we developed

Final documentation

Analysis

Solution

IP Feed-back

Member 1 feedback

I liked this and that.

Member 2 feedback

I liked this and that. Didn't like.