OWASP - User contributions [en]

Boulder

2009-06-24T19:20:06Z

Ariesel: /* Next Meeting - XSS Lab - Postponed until August 20th, 2009 */

{{Chapter Template|chaptername=Boulder|extra=The chapter leaders are [mailto:kthaxton@businesspartnersolutions.com Kathy Thaxton], [mailto:mrhits777@gmail.com Jeremy Martinez], and [mailto:Andrew.Riesel@GMail.com Andrew Riesel]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-boulder|emailarchives=http://lists.owasp.org/pipermail/owasp-boulder}}

<paypal>Boulder</paypal>

== '''Next Meeting - XSS Lab - Postponed until August 20th, 2009''' ==
Due to some location security issues we must postpone the June meeting until August. We will finish the Cross Site Scripting lab on August 20th, 2009 and we will be using a Broomfield location rather that a Fort Collins location.

The good news is we have some new sites to attack and defend with the help of Anurag Agarwal, the Director of Education at WhiteHat Security and we will have a much more intense lab.
We wholeheartedly apologize for the delay but it will be worth the wait.

Please join the Boulder OWASP Chapter on Thursday, August 20th, 2009 at Staples for a XSS lab.
THREE levels of labs - beginner, intermediate, and advanced.

=== Cross-site scripting '''LAB''' - Beginner, Intermediate, and Advanced ===

Lab to explain how to attack vulnerable sites –we will use three different examples and
Spend one half hour on each: Basic attacks, intermediate and advanced.
Teacher TBA.
We will be using the OWASP Live CD and will have them available.
Must have laptop with CD player.
Meeting will be at '''Staples: [http://maps.google.com/maps?q=1+Environmental+Way,+Broomfield,+CO+80021,+USA&sa=X&oi=map&ct=title One Environmental Way, Broomfield, Co. 80021]'''
Brown bag or we can order pizza when everyone gets there.
6pm to 7pm dinner and Lab from 7pm to 8:30
Drinks at Gordon Biersch after the lab. Topics up for discussion (we’ll choose one)

Black Hat DC researchers demonstrate new cross-site scripting browser hack that lets attackers retrieve data without a trace
[http://developers.slashdot.org/article.pl?sid=09/05/09/1339213 Should Developers Be Liable For Their Code?]

==== Resources from the Meeting - Stuff you Wish You'd Been There to Hear About :-) ====
[http://ha.ckers.org/xss.html RSnake's XSS Cheat-sheet]

=== Directions to Staples: ===

'''Staples: [http://maps.google.com/maps?q=1+Environmental+Way,+Broomfield,+CO+80021,+USA&sa=X&oi=map&ct=title One Environmental Way, Broomfield, Co. 80021]'''

=== Agenda ===
* 6 to 7:00 Dinner @ [http://maps.google.com/maps?f=q&hl=en&geocode=&q=Corporate+Express+1+Environmental+Way,+Broomfield+colorado&sll=39.935803,-105.13092&sspn=0.077395,0.144711&ie=UTF8&ll=39.926934,-105.126565&spn=0.009676,0.018089&z=16&iwloc=A Staples CE - Broomfield]

* 7pm to 8:30 pm Cross-site scripting lab
Sponsor: '''Nope, no sponsor. It'a your chapter, BYO dinner and/or order pizza at 6'ish'''

Speaker: tbd

=== Logistics ===
Please bring a wifi equipped laptop. We recommend the [http://www.owasp.org/index.php/Category:OWASP_Live_CD_2008_Project OWASP LiveCD]. Go ahead and download it and familiarize yourself with it ahead of time, if you're so inclined.

Following the meeting we will have informal discussions over beverages at the [http://maps.google.com/maps?f=q&hl=en&geocode=&q=Gordon+Biersch+Brewery+Broomfield+colorado&ie=UTF8&ll=39.935803,-105.13092&spn=0.077395,0.144711&z=13&iwloc=A Gordon Biersch Brewery and Restaurant].

-----------------------------------------------------------------------

== Boulder OWASP 2009 AGENDA ==
=== May 21, 2009 Cross site scripting Lab ===
Lab to explain how to attack vulnerable sites –we will use three different examples and
Spend one half hour on each: Basic attacks, intermediate and advanced.
Teacher TBA.

We will be using the OWASP Live CD and will have them available.
Must have laptop with CD player.
Meeting will be at Staples: One Environmental Way, Broomfield, Co. 80021
Brown bag or we can order pizza when everyone gets there.
6pm to 7pm dinner and Lab from 7pm to 8:30
Drinks at Gordon Biersch after the lab. Topics up for discussion (we’ll choose one):

Black Hat DC researchers demonstrate new cross-site scripting browser hack that lets attackers retrieve data without a trace

[http://developers.slashdot.org/article.pl?sid=09/05/09/1339213 Should Developers Be Liable For Their Code?]

=== June 18, 2009 Part 2 Cross Site Scripting Lab – put it into practice – how to defend against Cross site scripting ===
We will defend against a basic attack, an intermediate and advanced.
Teacher TBA
Remember to bring your OWASP Live CD and your laptop with CD player.
Location will be at CSU in Fort Collins. Directions will be forthcoming.
6:30 to 7pm Dinner (Brown Bag or we will all order pizza) Lab from 7pm to 9pm.

=== No meetings July or August 2009 ===
We will try to put up the sites that we are defending against in the June Lab so that you can have a go at them over the break.

=== September 17, 2009 Sql injection ===
We will be using SQL injection to attack using authentication bypass, database enumeration, adding users through sql injection, Data mining, writing code
Teacher TBA
We will be using the OWASP Live CD and will have them available.
Must have laptop with CD player.
Meeting will be at Staples: One Environmental Way, Broomfield, Co. 80021
Brown bag or we can order pizza when everyone gets there.
6pm to 7pm dinner and Lab from 7pm to 8:30
Drinks at Gordon Biersch after the lab. Topics up for discussion (TBA).

=== October, 22, 2009 Defense against sql injection – how to sanitize user input ===
Teacher TBA
We will be using the OWASP Live CD and will have them available.
Must have laptop with CD player.
Meeting will be at Staples: One Environmental Way, Broomfield, Co. 80021
Brown bag or we can order pizza when everyone gets there.
6pm to 7pm dinner and Lab from 7pm to 8:30
Drinks at Gordon Biersch after the lab. Topics up for discussion (TBA).

=== November, 19, 2009 This Lab will put into action the SQL injection attack and the defense. ===
We will be using the attacks from the September meeting and then defending against them.
We will be using the OWASP Live CD and will have them available.
Must have laptop with CD player.
Meeting will be at Staples: One Environmental Way, Broomfield, Co. 80021
Brown bag or we can order pizza when everyone gets there.
6pm to 7pm dinner and Lab from 7pm to 8:30
Drinks at Gordon Biersch after the lab. Topics up for discussion (TBA).

=== December - Date TBA “Capture the Holiday flag” ===
We are planning on reserving space at a restaurant. What better way to Capture the Flag than over a couple of beers?

Boulder

2009-06-24T19:18:52Z

Ariesel: /* Next Meeting - XSS Lab - Thurs, May 21st, 6 PM, Staples */

{{Chapter Template|chaptername=Boulder|extra=The chapter leaders are [mailto:kthaxton@businesspartnersolutions.com Kathy Thaxton], [mailto:mrhits777@gmail.com Jeremy Martinez], and [mailto:Andrew.Riesel@GMail.com Andrew Riesel]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-boulder|emailarchives=http://lists.owasp.org/pipermail/owasp-boulder}}

<paypal>Boulder</paypal>

== '''Next Meeting - XSS Lab - Postponed until August 20th, 2009''' ==
Please join the Boulder OWASP Chapter on Thursday, August 20th, 2009 at Staples for a XSS lab.

Due to some location security issues we must postpone the June meeting until August. We will finish the Cross Site Scripting lab on August 20th, 2009 and we will be using a Broomfield location rather that a Fort Collins location.

The good news is we have some new sites to attack and defend with the help of Anurag Agarwal, the Director of Education at WhiteHat Security and we will have a much more intense lab.

We wholeheartedly apologize for the delay but it will be worth the wait.

THREE levels of labs - beginner, intermediate, and advanced.

=== Cross-site scripting '''LAB''' - Beginner, Intermediate, and Advanced ===

Lab to explain how to attack vulnerable sites –we will use three different examples and
Spend one half hour on each: Basic attacks, intermediate and advanced.
Teacher TBA.
We will be using the OWASP Live CD and will have them available.
Must have laptop with CD player.
Meeting will be at '''Staples: [http://maps.google.com/maps?q=1+Environmental+Way,+Broomfield,+CO+80021,+USA&sa=X&oi=map&ct=title One Environmental Way, Broomfield, Co. 80021]'''
Brown bag or we can order pizza when everyone gets there.
6pm to 7pm dinner and Lab from 7pm to 8:30
Drinks at Gordon Biersch after the lab. Topics up for discussion (we’ll choose one)

Black Hat DC researchers demonstrate new cross-site scripting browser hack that lets attackers retrieve data without a trace
[http://developers.slashdot.org/article.pl?sid=09/05/09/1339213 Should Developers Be Liable For Their Code?]

==== Resources from the Meeting - Stuff you Wish You'd Been There to Hear About :-) ====
[http://ha.ckers.org/xss.html RSnake's XSS Cheat-sheet]

=== Directions to Staples: ===

'''Staples: [http://maps.google.com/maps?q=1+Environmental+Way,+Broomfield,+CO+80021,+USA&sa=X&oi=map&ct=title One Environmental Way, Broomfield, Co. 80021]'''

=== Agenda ===
* 6 to 7:00 Dinner @ [http://maps.google.com/maps?f=q&hl=en&geocode=&q=Corporate+Express+1+Environmental+Way,+Broomfield+colorado&sll=39.935803,-105.13092&sspn=0.077395,0.144711&ie=UTF8&ll=39.926934,-105.126565&spn=0.009676,0.018089&z=16&iwloc=A Staples CE - Broomfield]

* 7pm to 8:30 pm Cross-site scripting lab
Sponsor: '''Nope, no sponsor. It'a your chapter, BYO dinner and/or order pizza at 6'ish'''

Speaker: tbd

=== Logistics ===
Please bring a wifi equipped laptop. We recommend the [http://www.owasp.org/index.php/Category:OWASP_Live_CD_2008_Project OWASP LiveCD]. Go ahead and download it and familiarize yourself with it ahead of time, if you're so inclined.

Following the meeting we will have informal discussions over beverages at the [http://maps.google.com/maps?f=q&hl=en&geocode=&q=Gordon+Biersch+Brewery+Broomfield+colorado&ie=UTF8&ll=39.935803,-105.13092&spn=0.077395,0.144711&z=13&iwloc=A Gordon Biersch Brewery and Restaurant].

-----------------------------------------------------------------------

== Boulder OWASP 2009 AGENDA ==
=== May 21, 2009 Cross site scripting Lab ===
Lab to explain how to attack vulnerable sites –we will use three different examples and
Spend one half hour on each: Basic attacks, intermediate and advanced.
Teacher TBA.

We will be using the OWASP Live CD and will have them available.
Must have laptop with CD player.
Meeting will be at Staples: One Environmental Way, Broomfield, Co. 80021
Brown bag or we can order pizza when everyone gets there.
6pm to 7pm dinner and Lab from 7pm to 8:30
Drinks at Gordon Biersch after the lab. Topics up for discussion (we’ll choose one):

Black Hat DC researchers demonstrate new cross-site scripting browser hack that lets attackers retrieve data without a trace

[http://developers.slashdot.org/article.pl?sid=09/05/09/1339213 Should Developers Be Liable For Their Code?]

=== June 18, 2009 Part 2 Cross Site Scripting Lab – put it into practice – how to defend against Cross site scripting ===
We will defend against a basic attack, an intermediate and advanced.
Teacher TBA
Remember to bring your OWASP Live CD and your laptop with CD player.
Location will be at CSU in Fort Collins. Directions will be forthcoming.
6:30 to 7pm Dinner (Brown Bag or we will all order pizza) Lab from 7pm to 9pm.

=== No meetings July or August 2009 ===
We will try to put up the sites that we are defending against in the June Lab so that you can have a go at them over the break.

=== September 17, 2009 Sql injection ===
We will be using SQL injection to attack using authentication bypass, database enumeration, adding users through sql injection, Data mining, writing code
Teacher TBA
We will be using the OWASP Live CD and will have them available.
Must have laptop with CD player.
Meeting will be at Staples: One Environmental Way, Broomfield, Co. 80021
Brown bag or we can order pizza when everyone gets there.
6pm to 7pm dinner and Lab from 7pm to 8:30
Drinks at Gordon Biersch after the lab. Topics up for discussion (TBA).

=== October, 22, 2009 Defense against sql injection – how to sanitize user input ===
Teacher TBA
We will be using the OWASP Live CD and will have them available.
Must have laptop with CD player.
Meeting will be at Staples: One Environmental Way, Broomfield, Co. 80021
Brown bag or we can order pizza when everyone gets there.
6pm to 7pm dinner and Lab from 7pm to 8:30
Drinks at Gordon Biersch after the lab. Topics up for discussion (TBA).

=== November, 19, 2009 This Lab will put into action the SQL injection attack and the defense. ===
We will be using the attacks from the September meeting and then defending against them.
We will be using the OWASP Live CD and will have them available.
Must have laptop with CD player.
Meeting will be at Staples: One Environmental Way, Broomfield, Co. 80021
Brown bag or we can order pizza when everyone gets there.
6pm to 7pm dinner and Lab from 7pm to 8:30
Drinks at Gordon Biersch after the lab. Topics up for discussion (TBA).

=== December - Date TBA “Capture the Holiday flag” ===
We are planning on reserving space at a restaurant. What better way to Capture the Flag than over a couple of beers?

Boulder

2009-05-20T14:53:36Z

Ariesel:

{{Chapter Template|chaptername=Boulder|extra=The chapter leaders are [mailto:kthaxton@businesspartnersolutions.com Kathy Thaxton], [mailto:mrhits777@gmail.com Jeremy Martinez], and [mailto:Andrew.Riesel@GMail.com Andrew Riesel]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-boulder|emailarchives=http://lists.owasp.org/pipermail/owasp-boulder}}

<paypal>Boulder</paypal>

== '''Next Meeting - XSS Lab - Thurs, May 21st, 6 PM, Staples''' ==
Please join the Boulder OWASP Chapter on Thursday, May 21st, 2009 at Staples for a XSS lab.

THREE levels of labs - beginner, intermediate, and advanced.

=== Cross-site scripting '''LAB''' - Beginner, Intermediate, and Advanced ===

Lab to explain how to attack vulnerable sites –we will use three different examples and
Spend one half hour on each: Basic attacks, intermediate and advanced.
Teacher TBA.
We will be using the OWASP Live CD and will have them available.
Must have laptop with CD player.
Meeting will be at '''Staples: [http://maps.google.com/maps?q=1+Environmental+Way,+Broomfield,+CO+80021,+USA&sa=X&oi=map&ct=title One Environmental Way, Broomfield, Co. 80021]'''
Brown bag or we can order pizza when everyone gets there.
6pm to 7pm dinner and Lab from 7pm to 8:30
Drinks at Gordon Biersch after the lab. Topics up for discussion (we’ll choose one)

Black Hat DC researchers demonstrate new cross-site scripting browser hack that lets attackers retrieve data without a trace
[http://developers.slashdot.org/article.pl?sid=09/05/09/1339213 Should Developers Be Liable For Their Code?]

=== Directions to Staples: ===

'''Staples: [http://maps.google.com/maps?q=1+Environmental+Way,+Broomfield,+CO+80021,+USA&sa=X&oi=map&ct=title One Environmental Way, Broomfield, Co. 80021]'''

=== Agenda ===
* 6 to 7:00 Dinner @ [http://maps.google.com/maps?f=q&hl=en&geocode=&q=Corporate+Express+1+Environmental+Way,+Broomfield+colorado&sll=39.935803,-105.13092&sspn=0.077395,0.144711&ie=UTF8&ll=39.926934,-105.126565&spn=0.009676,0.018089&z=16&iwloc=A Staples CE - Broomfield]

* 7pm to 8:30 pm Cross-site scripting lab
Sponsor: '''Nope, no sponsor. It'a your chapter, BYO dinner and/or order pizza at 6'ish'''

Speaker: tbd

=== Logistics ===
Please bring a wifi equipped laptop. We recommend the [http://www.owasp.org/index.php/Category:OWASP_Live_CD_2008_Project OWASP LiveCD]. Go ahead and download it and familiarize yourself with it ahead of time, if you're so inclined.

Following the meeting we will have informal discussions over beverages at the [http://maps.google.com/maps?f=q&hl=en&geocode=&q=Gordon+Biersch+Brewery+Broomfield+colorado&ie=UTF8&ll=39.935803,-105.13092&spn=0.077395,0.144711&z=13&iwloc=A Gordon Biersch Brewery and Restaurant].

-----------------------------------------------------------------------

== Boulder OWASP 2009 AGENDA ==
=== May 21, 2009 Cross site scripting Lab ===
Lab to explain how to attack vulnerable sites –we will use three different examples and
Spend one half hour on each: Basic attacks, intermediate and advanced.
Teacher TBA.
We will be using the OWASP Live CD and will have them available.
Must have laptop with CD player.
Meeting will be at Staples: One Environmental Way, Broomfield, Co. 80021
Brown bag or we can order pizza when everyone gets there.
6pm to 7pm dinner and Lab from 7pm to 8:30
Drinks at Gordon Biersch after the lab. Topics up for discussion (we’ll choose one):

Black Hat DC researchers demonstrate new cross-site scripting browser hack that lets attackers retrieve data without a trace

[http://developers.slashdot.org/article.pl?sid=09/05/09/1339213 Should Developers Be Liable For Their Code?]

=== June 18, 2009 Part 2 Cross Site Scripting Lab – put it into practice – how to defend against Cross site scripting ===
We will defend against a basic attack, an intermediate and advanced.
Teacher TBA
Remember to bring your OWASP Live CD and your laptop with CD player.
Location will be at CSU in Fort Collins. Directions will be forthcoming.
6:30 to 7pm Dinner (Brown Bag or we will all order pizza) Lab from 7pm to 9pm.

=== No meetings July or August 2009 ===
We will try to put up the sites that we are defending against in the June Lab so that you can have a go at them over the break.

=== September 17, 2009 Sql injection ===
We will be using SQL injection to attack using authentication bypass, database enumeration, adding users through sql injection, Data mining, writing code
Teacher TBA
We will be using the OWASP Live CD and will have them available.
Must have laptop with CD player.
Meeting will be at Staples: One Environmental Way, Broomfield, Co. 80021
Brown bag or we can order pizza when everyone gets there.
6pm to 7pm dinner and Lab from 7pm to 8:30
Drinks at Gordon Biersch after the lab. Topics up for discussion (TBA).

=== October, 22, 2009 Defense against sql injection – how to sanitize user input ===
Teacher TBA
We will be using the OWASP Live CD and will have them available.
Must have laptop with CD player.
Meeting will be at Staples: One Environmental Way, Broomfield, Co. 80021
Brown bag or we can order pizza when everyone gets there.
6pm to 7pm dinner and Lab from 7pm to 8:30
Drinks at Gordon Biersch after the lab. Topics up for discussion (TBA).

=== November, 19, 2009 This Lab will put into action the SQL injection attack and the defense. ===
We will be using the attacks from the September meeting and then defending against them.
We will be using the OWASP Live CD and will have them available.
Must have laptop with CD player.
Meeting will be at Staples: One Environmental Way, Broomfield, Co. 80021
Brown bag or we can order pizza when everyone gets there.
6pm to 7pm dinner and Lab from 7pm to 8:30
Drinks at Gordon Biersch after the lab. Topics up for discussion (TBA).

=== December - Date TBA “Capture the Holiday flag” ===
We are planning on reserving space at a restaurant. What better way to Capture the Flag than over a couple of beers?

[[Category:Colorado]]

Boulder OWASP Lab

2009-01-15T23:27:40Z

Ariesel: /* Desired Lab Components */

Boulder OWASP Lab

2009-01-12T23:41:22Z

Ariesel:

== NEWS! ==
=== Sept 25th 2008 - NYC CTF may get packaged up ===

There is a Capture-The-Flag (CTF) environment at the [http://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference NYC OWASP Con]. It seems likely that it will be packaged up and distributed. Stay tuned...

== Link to the Lab Setup Diagrams Andrew found ==

[http://infosecond.wikispaces.com/Lab+Setup+-+Diagram?f=print Diagrams] Andrew shared at the 9/18/2008 bOWASP meeting

== Desired Lab Components ==

- WLAN WAP and/or big copper switches
- host box with loads o' storage capable of running multiple victim VMs; capable of burning VMs to DVD
- Proposal: I would like to purchase a machine capable of the above "host box" specs and use it at the BOWASP meetings.
The only thing would be that this would remain my personal property. Below are the specs that I was thinking of, please
adjust if you wish and send me an email with the change.

- Antec Nine Hundred Black Steel ATX Mid Tower Computer Case
- ASUS M3A78-T AM2+/AM2 AMD 790GX HDMI ATX AMD Motherboard
- OCZ GameXStream OCZ700GXSSLI 700W ATX12V SLI Certified CrossFire Ready Active PFC Power Supply
- AMD Phenom 9950 BLACK EDITION Agena 2.6GHz Socket AM2+ 140W Quad-Core Processor Model HD995ZFAGHBOX
- 2x OCZ Reaper HPC 4GB (2 x 2GB) 240-Pin DDR2 SDRAM DDR2 1066 (PC2 8500) Dual Channel Kit Desktop Memory (8GB total)
- Western Digital Raptor WD740ADFD 74GB 10000 RPM SATA 1.5Gb/s Hard Drive
- 2x Seagate Barracuda 7200.11 ST31000333AS 1TB 7200 RPM SATA 3.0Gb/s Hard Drive
- LG 22X DVD±R DVD Burner Black SATA Model GH22NS30
I will most likely run Ubuntu 64 on it and VMWare Server so that we can mess with different VMs.
Let me know what you think. Andrew

- Web App Firewall
- IPS
- CD/DVD copying capability

- 2-factor auth for any management components; possibly for some of the target apps too...
- Hamachi or some sort of VPN so we can stay decentralized...?
- Somebody's open-source SEM/SIM to gather events so that the only time WAF/IPS/HIDS/HIPS/Whatever needs to be touched is for config changes
- [http://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference NYC OWASP Con's] CTF environment with all of the above

Boulder OWASP Lab

2009-01-12T23:40:42Z

Ariesel:

== NEWS! ==
=== Sept 25th 2008 - NYC CTF may get packaged up ===

There is a Capture-The-Flag (CTF) environment at the [http://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference NYC OWASP Con]. It seems likely that it will be packaged up and distributed. Stay tuned...

== Link to the Lab Setup Diagrams Andrew found ==

[http://infosecond.wikispaces.com/Lab+Setup+-+Diagram?f=print Diagrams] Andrew shared at the 9/18/2008 bOWASP meeting

== Desired Lab Components ==

- WLAN WAP and/or big copper switches
- host box with loads o' storage capable of running multiple victim VMs; capable of burning VMs to DVD
- Proposal: I would like to purchase a machine capable of the above "host box" specs and use it at the BOWASP meetings.
The only thing would be that this would remain my personal property. Below are the specs that I was thinking of, please
adjust if you wish and send me an email with the change.

- Antec Nine Hundred Black Steel ATX Mid Tower Computer Case
- ASUS M3A78-T AM2+/AM2 AMD 790GX HDMI ATX AMD Motherboard
- OCZ GameXStream OCZ700GXSSLI 700W ATX12V SLI Certified CrossFire Ready Active PFC Power Supply
- AMD Phenom 9950 BLACK EDITION Agena 2.6GHz Socket AM2+ 140W Quad-Core Processor Model HD995ZFAGHBOX
- 2x OCZ Reaper HPC 4GB (2 x 2GB) 240-Pin DDR2 SDRAM DDR2 1066 (PC2 8500) Dual Channel Kit Desktop Memory (8GB total)
- Western Digital Raptor WD740ADFD 74GB 10000 RPM SATA 1.5Gb/s Hard Drive
- 2x Seagate Barracuda 7200.11 ST31000333AS 1TB 7200 RPM SATA 3.0Gb/s Hard Drive
- LG 22X DVD±R DVD Burner Black SATA Model GH22NS30
I will most likely run Ubuntu 64 on it and VMWare Server so that we can mess with different VMs.
Let me know what you think. Andrew
- Web App Firewall
- IPS
- CD/DVD copying capability

- 2-factor auth for any management components; possibly for some of the target apps too...
- Hamachi or some sort of VPN so we can stay decentralized...?
- Somebody's open-source SEM/SIM to gather events so that the only time WAF/IPS/HIDS/HIPS/Whatever needs to be touched is for config changes
- [http://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference NYC OWASP Con's] CTF environment with all of the above