OWASP - User contributions [en]

OWASP Licenses

2012-12-12T17:55:56Z

Justin Searle:

'''OWASP and Licensing'''

The OWASP Foundation uses several licenses to distribute software, documentation, and other materials. Contact us for agreements concerning acceptance of materials from individuals and corporations, such as existing documents or software projects. These licenses help us ensure that OWASP projects are supported longterm, and the materials produced can be easily used and are free and open to everyone.

==Use of the OWASP Brand==

The use of the OWASP Brand is covered by the [[OWASP brand usage rules]].

==Licensing of OWASP Website Content==

We welcome the use of OWASP website content. If you would like to use anything from the wiki in another work, you must follow the terms of the [http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution ShareAlike 3.0 license (CC-BY-SA)]. We strongly encourage organizations to use OWASP materials for their internal purposes. If you want to distribute modified OWASP materials externally, you must make them available under the CC-BY-SA license - preferably by making your improvements directly at OWASP. Thanks!

==Licensing of OWASP Projects==

All software, documentation, and other materials produced by The OWASP Foundation or any OWASP Project is licensed according to an open source license as defined by the [[http://opensource.org/licenses/category Open Source Initiative (OSI) organization]]. For licensing questions, please contact us at [mailto:projects@owasp.org projects@owasp.org].

In an effort to help OWASP Project leaders choose the appropriate license for their project, the Global Project Committee recommends the following open source licenses. Understand that these licenses are only recommendations and Project Leaders are welcome to use any [[http://opensource.org/licenses/category Open Source Initiative (OSI) organization]] approved license they wish.

{{Recommended_Licenses}}

==Contributor License Agreements==

OWASP desires that all contributors of ideas, code, or documentation to the OWASP projects complete, sign, and submit (via snailmail or fax) a [[Contributor License Agreement]]. The purpose of this agreement is to clearly define the terms under which intellectual property has been contributed to OWASP and thereby allow us to defend the project should there be a legal dispute regarding the software at some future time. All contributions made through the website are covered by the clickthrough license on the account creation page.

==Assignment of Copyright Agreement==

In the case that the contributor desire to assign copyright to the OWASP Foundation, please use the [[Assignment of Copyright Agreement]]. Assignment of copyright is not strictly necessary but is an option available to those contributors who would prefer that the OWASP Foundation hold the copyright for contributed materials.

OWASP Licenses

2012-12-12T17:55:01Z

Justin Searle:

'''OWASP and Licensing'''

The OWASP Foundation uses several licenses to distribute software, documentation, and other materials. Contact us for agreements concerning acceptance of materials from individuals and corporations, such as existing documents or software projects. These licenses help us ensure that OWASP projects are supported longterm, and the materials produced can be easily used and are free and open to everyone.

==Use of the OWASP Brand==

The use of the OWASP Brand is covered by the [[OWASP brand usage rules]].

==Licensing of OWASP Website Content==

We welcome the use of OWASP website content. If you would like to use anything from the wiki in another work, you must follow the terms of the [http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution ShareAlike 3.0 license (CC-BY-SA)]. We strongly encourage organizations to use OWASP materials for their internal purposes. If you want to distribute modified OWASP materials externally, you must make them available under the CC-BY-SA license - preferably by making your improvements directly at OWASP. Thanks!

==Licensing of OWASP Projects==

All software, documentation, and other materials produced by The OWASP Foundation or any OWASP Project is licensed according to an open source license as defined by the [[http://opensource.org/licenses/category Open Source Initiative (OSI) organization]]. For licensing questions, please contact us at [mailto:projects@owasp.org projects@owasp.org].

==OWASP Recommended Licenses==

In an effort to help OWASP Project leaders choose the appropriate license for their project, the Global Project Committee recommends the following open source licenses. Understand that these licenses are only recommendations and Project Leaders are welcome to use any [[http://opensource.org/licenses/category Open Source Initiative (OSI) organization]] approved license they wish.

{{Recommended_Licenses}}

==Contributor License Agreements==

OWASP desires that all contributors of ideas, code, or documentation to the OWASP projects complete, sign, and submit (via snailmail or fax) a [[Contributor License Agreement]]. The purpose of this agreement is to clearly define the terms under which intellectual property has been contributed to OWASP and thereby allow us to defend the project should there be a legal dispute regarding the software at some future time. All contributions made through the website are covered by the clickthrough license on the account creation page.

==Assignment of Copyright Agreement==

In the case that the contributor desire to assign copyright to the OWASP Foundation, please use the [[Assignment of Copyright Agreement]]. Assignment of copyright is not strictly necessary but is an option available to those contributors who would prefer that the OWASP Foundation hold the copyright for contributed materials.

OWASP Licenses

2012-12-12T17:52:17Z

Justin Searle:

'''OWASP and Licensing'''

The OWASP Foundation uses several licenses to distribute software, documentation, and other materials. Contact us for agreements concerning acceptance of materials from individuals and corporations, such as existing documents or software projects. These licenses help us ensure that OWASP projects are supported longterm, and the materials produced can be easily used and are free and open to everyone.

==Use of the OWASP Brand==

The use of the OWASP Brand is covered by the [[OWASP brand usage rules]].

==Licensing of OWASP Website Content==

We welcome the use of OWASP website content. If you would like to use anything from the wiki in another work, you must follow the terms of the [http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution ShareAlike 3.0 license (CC-BY-SA)]. We strongly encourage organizations to use OWASP materials for their internal purposes. If you want to distribute modified OWASP materials externally, you must make them available under the CC-BY-SA license - preferably by making your improvements directly at OWASP. Thanks!

==Licensing of OWASP Projects==

All software, documentation, and other materials produced by The OWASP Foundation or any OWASP Project is licensed according to an open source license as defined by the [[http://opensource.org/licenses/category Open Source Initiative (OSI) organization]]. For licensing questions, please contact us at [mailto:owasp@owasp.org owasp@owasp.org].

==OWASP Recommended Licenses==

In an effort to help OWASP Project leaders choose the appropriate license for their project, the Global Project Committee recommends the following open source licenses. Understand that these licenses are only recommendations and Project Leaders are welcome to use any [[http://opensource.org/licenses/category Open Source Initiative (OSI) organization]] approved license they wish.

{{Recommended_Licenses}}

==Contributor License Agreements==

OWASP desires that all contributors of ideas, code, or documentation to the OWASP projects complete, sign, and submit (via snailmail or fax) a [[Contributor License Agreement]]. The purpose of this agreement is to clearly define the terms under which intellectual property has been contributed to OWASP and thereby allow us to defend the project should there be a legal dispute regarding the software at some future time. All contributions made through the website are covered by the clickthrough license on the account creation page.

==Assignment of Copyright Agreement==

In the case that the contributor desire to assign copyright to the OWASP Foundation, please use the [[Assignment of Copyright Agreement]]. Assignment of copyright is not strictly necessary but is an option available to those contributors who would prefer that the OWASP Foundation hold the copyright for contributed materials.

Global Conferences Committee - Application 13

2012-04-21T04:35:15Z

Justin Searle:

[[How to Join a Committee|Click here to return to 'How to Join a Committee' page]]

----
{| style="width:100%" border="0" align="center"
! colspan="2" align="center" style="background:#4058A0; color:white"|'''COMMITTEE APPLICATION FORM'''
|-
| style="width:25%; background:#7B8ABD" align="center"|'''Applicant's Name'''
| colspan="1" style="width:85%; background:#cccccc" align="left"|Benny Ketelslegers.
|-
| style="width:25%; background:#7B8ABD" align="center"| '''Current and past OWASP Roles'''
| colspan="1" style="width:85%; background:#cccccc" align="left"|OWASP Japan Chapter leader.
|-
| style="width:25%; background:#7B8ABD" align="center"| '''Committee Applying for'''
| colspan="1" style="width:85%; background:#cccccc" align="left"|Global Conferences Committee
|}
----
Some thoughts and the things I would like to do/achieve in the GCC:

I have been a passive member as part of the Belgian OWASP chapter since 2007 and picked up the role of chapter leader in Japan end of 2011 after encouragement of some other OWASP leaders. I'm a founding member and was co-organizer of the not-for-profit BruCON conference which was well received and today with 400+ attendees has a fairly good and positive reputation in the community. I believe I can leverage this experience and advise other people organizing any OWASP conference and event. I want to especially focus on supporting events in the APAC region as well as within Japan. I want to improve collaboration between the different chapters and organizers.

----
Please be aware that for an application to be considered by the board, '''you MUST have 5 recommendations'''.
An incomplete application will not be considered for vote.
----

----
{| style="width:100%" border="0" align="center"
! colspan="8" align="center" style="background:#4058A0; color:white"|'''COMMITTEE RECOMMENDATIONS'''
|-
! align="center" style="background:white; color:white"|
! align="center" style="background:#7B8ABD; color:white"|'''Who Recommends/Name'''
! align="center" style="background:#7B8ABD; color:white"|'''Role in OWASP'''
! align="center" style="background:#7B8ABD; color:white"|'''Recommendation Content'''
|-
| style="width:3%; background:#cccccc" align="center"|'''1'''
| style="width:20%; background:#cccccc" align="center"|Kitisak Jirawannakool
| style="width:20%; background:#cccccc" align="center"|OWASP Thailand Chapter Leader
| style="width:57%; background:#cccccc" align="center"|Benny is very active and his experience is a key success.
|-
| style="width:3%; background:#cccccc" align="center"|'''2'''
| style="width:20%; background:#cccccc" align="center"|Christian Frichot
| style="width:20%; background:#cccccc" align="center"|OWASP Perth Australia Chapter Leader
| style="width:57%; background:#cccccc" align="center"|Benny is well known within the security industry as providing a solid voice. His eagerness to represent the Asia Pacific region is something that I whole-heartedly support.
|-
| style="width:3%; background:#cccccc" align="center"|'''3'''
| style="width:20%; background:#cccccc" align="center"|Sergei Belokamen
| style="width:20%; background:#cccccc" align="center"|OWASP Melbourne Australia Chapter Leader
| style="width:57%; background:#cccccc" align="center"|Benny is well known within the security industry, his vast experience across all aspects of Information Security and ongoing dedication to success of OWASP across three continents would make him an asset to the OWASP organisation. I completely support Benny in his OWASP commitment.
|-
| style="width:3%; background:#cccccc" align="center"|'''4'''
| style="width:20%; background:#cccccc" align="center"|Justin Searle
| style="width:20%; background:#cccccc" align="center"|SLC,UT Chapter Board Member & GPC committee member
| style="width:57%; background:#cccccc" align="center"|Having personally attended, spoken at, and provided training for BruCon, an annual large annual conference in Belgium which Benny started and organized, I can not recommend him high enough. His conference was VERY well organized and I believe he would bring a lot of conference managment experience to OWASP.
|-
| style="width:3%; background:#cccccc" align="center"|'''5'''
| style="width:20%; background:#cccccc" align="center"|
| style="width:20%; background:#cccccc" align="center"|
| style="width:57%; background:#cccccc" align="center"|
|}
----

Salt Lake City

2012-01-27T03:41:21Z

Justin Searle:

{{Chapter Template|chaptername=Salt_Lake|extra= 

'''The chapter leader is [mailto:dmitry.dessiatnikov@gmail.com Dmitry Dessiatnikov]'''

'''Chapter Board Members: [mailto:justin.searle@owasp.org Justin Searle] and [mailto:hoverchops@gmail.com Cameron Tovey]'''

<paypal>Salt Lake</paypal>
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-Salt_Lake|emailarchives=http://lists.owasp.org/pipermail/owasp-Salt_Lake}}

== Local News ==

== ''The next OWASP Utah Chapter meeting is scheduled for Thursday November 17, 2011'' ==

'''''Date:'''''

'''Thursday November 17, 2011'''

'''''Time:'''''

'''6 pm'''

'''''Meeting location:'''''

'''Accuvant Office'''

'''406 W South Jordan Pkwy, Suite 220'''

'''South Jordan, UT 84095'''

'''(It is easiest to park on the back side of the building and enter on the 2nd floor. The office is just inside the main doors.)'''

'''''Presentation:'''''

'''''"Passfault for better passwords"'''''

'''By Cameron Morris'''

'''''Synopsis:'''''

'''Passfault is a new technique for password analysis and password policies. It finds more weak passwords, yet allowing strong passwords that typical policies deny, challenging traditional advise. We'll discuss how it works, why it's better, and how you can help. More info: http://passfault.com'''

'''Everyone is welcome to join us at our chapter meetings'''
[[Category:Utah]]

Salt Lake City

2012-01-27T03:41:11Z

Justin Searle:

{{Chapter Template|chaptername=Salt_Lake|extra=

'''The chapter leader is [mailto:dmitry.dessiatnikov@gmail.com Dmitry Dessiatnikov]'''

'''Chapter Board Members: [mailto:justin.searle@owasp.org Justin Searle] and [mailto:hoverchops@gmail.com Cameron Tovey]'''

<paypal>Salt Lake</paypal>
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-Salt_Lake|emailarchives=http://lists.owasp.org/pipermail/owasp-Salt_Lake}}

== Local News ==

== ''The next OWASP Utah Chapter meeting is scheduled for Thursday November 17, 2011'' ==

'''''Date:'''''

'''Thursday November 17, 2011'''

'''''Time:'''''

'''6 pm'''

'''''Meeting location:'''''

'''Accuvant Office'''

'''406 W South Jordan Pkwy, Suite 220'''

'''South Jordan, UT 84095'''

'''(It is easiest to park on the back side of the building and enter on the 2nd floor. The office is just inside the main doors.)'''

'''''Presentation:'''''

'''''"Passfault for better passwords"'''''

'''By Cameron Morris'''

'''''Synopsis:'''''

'''Passfault is a new technique for password analysis and password policies. It finds more weak passwords, yet allowing strong passwords that typical policies deny, challenging traditional advise. We'll discuss how it works, why it's better, and how you can help. More info: http://passfault.com'''

'''Everyone is welcome to join us at our chapter meetings'''
[[Category:Utah]]

Salt Lake City

2012-01-27T03:40:47Z

Justin Searle:

{{Chapter Template|chaptername=Salt_Lake|

'''The chapter leader is [mailto:dmitry.dessiatnikov@gmail.com Dmitry Dessiatnikov]'''

'''Chapter Board Members: [mailto:justin.searle@owasp.org Justin Searle] and [mailto:hoverchops@gmail.com Cameron Tovey]'''

<paypal>Salt Lake</paypal>
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-Salt_Lake|emailarchives=http://lists.owasp.org/pipermail/owasp-Salt_Lake}}

== Local News ==

== ''The next OWASP Utah Chapter meeting is scheduled for Thursday November 17, 2011'' ==

'''''Date:'''''

'''Thursday November 17, 2011'''

'''''Time:'''''

'''6 pm'''

'''''Meeting location:'''''

'''Accuvant Office'''

'''406 W South Jordan Pkwy, Suite 220'''

'''South Jordan, UT 84095'''

'''(It is easiest to park on the back side of the building and enter on the 2nd floor. The office is just inside the main doors.)'''

'''''Presentation:'''''

'''''"Passfault for better passwords"'''''

'''By Cameron Morris'''

'''''Synopsis:'''''

'''Passfault is a new technique for password analysis and password policies. It finds more weak passwords, yet allowing strong passwords that typical policies deny, challenging traditional advise. We'll discuss how it works, why it's better, and how you can help. More info: http://passfault.com'''

'''Everyone is welcome to join us at our chapter meetings'''
[[Category:Utah]]

Salt Lake City

2012-01-27T03:39:50Z

Justin Searle:

{{Chapter Template|chaptername=Salt_Lake

'''The chapter leader is [mailto:dmitry.dessiatnikov@gmail.com Dmitry Dessiatnikov]'''

'''Chapter Board Members: [mailto:justin.searle@owasp.org Justin Searle] and [mailto:hoverchops@gmail.com Cameron Tovey]'''

<paypal>Salt Lake</paypal>
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-Salt_Lake|emailarchives=http://lists.owasp.org/pipermail/owasp-Salt_Lake}}

== Local News ==

== ''The next OWASP Utah Chapter meeting is scheduled for Thursday November 17, 2011'' ==

'''''Date:'''''

'''Thursday November 17, 2011'''

'''''Time:'''''

'''6 pm'''

'''''Meeting location:'''''

'''Accuvant Office'''

'''406 W South Jordan Pkwy, Suite 220'''

'''South Jordan, UT 84095'''

'''(It is easiest to park on the back side of the building and enter on the 2nd floor. The office is just inside the main doors.)'''

'''''Presentation:'''''

'''''"Passfault for better passwords"'''''

'''By Cameron Morris'''

'''''Synopsis:'''''

'''Passfault is a new technique for password analysis and password policies. It finds more weak passwords, yet allowing strong passwords that typical policies deny, challenging traditional advise. We'll discuss how it works, why it's better, and how you can help. More info: http://passfault.com'''

'''Everyone is welcome to join us at our chapter meetings'''
[[Category:Utah]]

Salt Lake City

2012-01-27T03:38:48Z

Justin Searle:

{{Chapter Template|chaptername=Salt_Lake|extra=The chapter leader is [mailto:dmitry.dessiatnikov@gmail.com Dmitry Dessiatnikov]

Chapter Board Members: [mailto:justin.searle@owasp.org Justin Searle] and [hoverchops@gmail.com Cameron Tovey]

<paypal>Salt Lake</paypal>
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-Salt_Lake|emailarchives=http://lists.owasp.org/pipermail/owasp-Salt_Lake}}

== Local News ==

== ''The next OWASP Utah Chapter meeting is scheduled for Thursday November 17, 2011'' ==

'''''Date:'''''

'''Thursday November 17, 2011'''

'''''Time:'''''

'''6 pm'''

'''''Meeting location:'''''

'''Accuvant Office'''

'''406 W South Jordan Pkwy, Suite 220'''

'''South Jordan, UT 84095'''

'''(It is easiest to park on the back side of the building and enter on the 2nd floor. The office is just inside the main doors.)'''

'''''Presentation:'''''

'''''"Passfault for better passwords"'''''

'''By Cameron Morris'''

'''''Synopsis:'''''

'''Passfault is a new technique for password analysis and password policies. It finds more weak passwords, yet allowing strong passwords that typical policies deny, challenging traditional advise. We'll discuss how it works, why it's better, and how you can help. More info: http://passfault.com'''

'''Everyone is welcome to join us at our chapter meetings'''
[[Category:Utah]]

Salt Lake City

2012-01-27T03:37:06Z

Justin Searle:

{{Chapter Template|chaptername=Salt_Lake|extra=The chapter leader is [mailto:dmitry.dessiatnikov@gmail.com Dmitry Dessiatnikov]

Chapter Board: Justin Searle and Cameron Tovey

<paypal>Salt Lake</paypal>
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-Salt_Lake|emailarchives=http://lists.owasp.org/pipermail/owasp-Salt_Lake}}

== Local News ==

== ''The next OWASP Utah Chapter meeting is scheduled for Thursday November 17, 2011'' ==

'''''Date:'''''

'''Thursday November 17, 2011'''

'''''Time:'''''

'''6 pm'''

'''''Meeting location:'''''

'''Accuvant Office'''

'''406 W South Jordan Pkwy, Suite 220'''

'''South Jordan, UT 84095'''

'''(It is easiest to park on the back side of the building and enter on the 2nd floor. The office is just inside the main doors.)'''

'''''Presentation:'''''

'''''"Passfault for better passwords"'''''

'''By Cameron Morris'''

'''''Synopsis:'''''

'''Passfault is a new technique for password analysis and password policies. It finds more weak passwords, yet allowing strong passwords that typical policies deny, challenging traditional advise. We'll discuss how it works, why it's better, and how you can help. More info: http://passfault.com'''

'''Everyone is welcome to join us at our chapter meetings'''
[[Category:Utah]]

OWASP AppSec DC 2012/Training/Assessing and Exploiting Web Applications with Samurai-WTF

2012-01-26T04:13:15Z

Justin Searle:

__NOTOC__
{{:OWASP AppSec DC 2012 Header}}
==Description==
'''Course Length: 2 Day'''

Come take the official Samurai-WTF training course given by the two founders and lead developers of the project! You will learn the latest Samurai-WTF open source tools and as well as the latest techniques to perform web application penetration tests. After a quick overview of pen testing methodology, the instructors will lead you through the penetration and exploitation of various web applications, including client side attacks using flaws within the application. Different sets of open source tools will be used on each web application, allowing you to learn first hand the pros and cons of each tool. After you have gained experience with the Samurai-WTF tools, you will be challenged with a capture the flag event. This final challenge will give you time to practice your new skills at your own pace and experiment with your favorite new tools. This experience will help you gain the confidence and knowledge necessary to perform web application assessments and expose you to the wealth of freely available, open source tools.

==Student Requirements==

# Laptop with a functional DVD drive
# Latest VMware Player, VMware Workstation, or VMware Fusion installed
# Ability to disable all security software on their laptop such as Antivirus and/or firewalls
# Four (4) GB of hard drive space
# At least two (2) GB of RAM

==Objectives==

Audience: Management, Technical, Operations 
Skill Level: Basic to Intermediate

# Attendees will be able to explain the steps and methodology used in performing web application assessments and penetration tests.
# Attendees will be able to use the open source tools on the Samurai-WTF CD to discover and identify vulnerabilities in web applications.
# Attendees will be able to exploit several client-side and server-side vulnerabilities. 

==Instructor==

Justin Searle & Kevin Johnson

Justin is a Managing Partner of UtiliSec, specializing in Smart Grid security architecture design and penetration testing. Justin led the Smart Grid Security Architecture group in the creation of NIST Interagency Report 7628 and currently plays key roles in the Advanced Security Acceleration Project for the Smart Grid (ASAP-SG), National Electric Sector Cybersecurity Organization Resources (NESCOR), and Smart Grid Interoperability Panel (SGIP). Justin has taught courses in hacking techniques, forensics, networking, and intrusion detection for multiple universities, corporations, and security conferences, and is currently an instructor for the SANS Institute. In addition to electric power industry conferences, Justin frequently presents at top security conferences such as Black Hat, DEFCON, OWASP, and AusCERT. Justin co-leads prominent open source projects including the Samurai Web Testing Framework, Middler, Yokoso!, and Laudanum. Justin has an MBA in International Technology and is a CISSP and SANS GIAC certified Incident Handler (GCIH), Intrusion Analyst (GCIA), and Web Application Penetration Tester (GWAPT).

Kevin Johnson is a security consultant with Secure Ideas. Kevin came to security from a development and system administration background. He has many years of experience performing security services for fortune 100 companies, and in his spare time he contributes to a large number of open source security projects. Kevin's involvement in open-source projects is spread across a number of projects and efforts. He is the founder of many different projects and has worked on others. He founded BASE, which is a Web front-end for Snort analysis. He also founded and continues to lead the SamuraiWTF live DVD. This is a live environment focused on Web penetration testing. He also founded Yokoso and Laudanum, which are focused on exploit delivery. Kevin is a senior instructor for SANS and the author of Security 542: Web Application Penetration Testing and Ethical Hacking. He also presents at industry events, including DEFCON and ShmooCon, and for various organizations, like Infragard, ISACA, ISSA, and the University of Florida.

[[Category:AppSec_DC_2012_Training]]
{{:OWASP AppSec DC 2012 Footer}}

OWASP AppSec DC 2012/Training/Assessing and Exploiting Web Applications with Samurai-WTF

2012-01-26T04:12:52Z

Justin Searle:

__NOTOC__
{{:OWASP AppSec DC 2012 Header}}
==Description==
'''Course Length: 2 Day'''

Come take the official Samurai-WTF training course given by the two founders and lead developers of the project! You will learn the latest Samurai-WTF open source tools and as well as the latest techniques to perform web application penetration tests. After a quick overview of pen testing methodology, the instructors will lead you through the penetration and exploitation of various web applications, including client side attacks using flaws within the application. Different sets of open source tools will be used on each web application, allowing you to learn first hand the pros and cons of each tool. After you have gained experience with the Samurai-WTF tools, you will be challenged with a capture the flag event. This final challenge will give you time to practice your new skills at your own pace and experiment with your favorite new tools. This experience will help you gain the confidence and knowledge necessary to perform web application assessments and expose you to the wealth of freely available, open source tools.

==Student Requirements==

# Laptop with a functional DVD drive
# Latest VMware Player, VMware Workstation, or VMware Fusion installed
# Ability to disable all security software on their laptop such as Antivirus and/or firewalls
# Four (4) GB of hard drive space
# At least two (2) GB of RAM

==Objectives==

Audience: Management, Technical, Operations
Skill Level: Basic to Intermediate

# Attendees will be able to explain the steps and methodology used in performing web application assessments and penetration tests.
# Attendees will be able to use the open source tools on the Samurai-WTF CD to discover and identify vulnerabilities in web applications.
# Attendees will be able to exploit several client-side and server-side vulnerabilities. 

==Instructor==

Justin Searle & Kevin Johnson

Justin is a Managing Partner of UtiliSec, specializing in Smart Grid security architecture design and penetration testing. Justin led the Smart Grid Security Architecture group in the creation of NIST Interagency Report 7628 and currently plays key roles in the Advanced Security Acceleration Project for the Smart Grid (ASAP-SG), National Electric Sector Cybersecurity Organization Resources (NESCOR), and Smart Grid Interoperability Panel (SGIP). Justin has taught courses in hacking techniques, forensics, networking, and intrusion detection for multiple universities, corporations, and security conferences, and is currently an instructor for the SANS Institute. In addition to electric power industry conferences, Justin frequently presents at top security conferences such as Black Hat, DEFCON, OWASP, and AusCERT. Justin co-leads prominent open source projects including the Samurai Web Testing Framework, Middler, Yokoso!, and Laudanum. Justin has an MBA in International Technology and is a CISSP and SANS GIAC certified Incident Handler (GCIH), Intrusion Analyst (GCIA), and Web Application Penetration Tester (GWAPT).

Kevin Johnson is a security consultant with Secure Ideas. Kevin came to security from a development and system administration background. He has many years of experience performing security services for fortune 100 companies, and in his spare time he contributes to a large number of open source security projects. Kevin's involvement in open-source projects is spread across a number of projects and efforts. He is the founder of many different projects and has worked on others. He founded BASE, which is a Web front-end for Snort analysis. He also founded and continues to lead the SamuraiWTF live DVD. This is a live environment focused on Web penetration testing. He also founded Yokoso and Laudanum, which are focused on exploit delivery. Kevin is a senior instructor for SANS and the author of Security 542: Web Application Penetration Testing and Ethical Hacking. He also presents at industry events, including DEFCON and ShmooCon, and for various organizations, like Infragard, ISACA, ISSA, and the University of Florida.

[[Category:AppSec_DC_2012_Training]]
{{:OWASP AppSec DC 2012 Footer}}

OWASP AppSec DC 2012/Training/Assessing and Exploiting Web Applications with Samurai-WTF

2012-01-26T04:12:24Z

Justin Searle:

__NOTOC__
{{:OWASP AppSec DC 2012 Header}}
==Description==
'''Course Length: 2 Day'''

Come take the official Samurai-WTF training course given by the two founders and lead developers of the project! You will learn the latest Samurai-WTF open source tools and as well as the latest techniques to perform web application penetration tests. After a quick overview of pen testing methodology, the instructors will lead you through the penetration and exploitation of various web applications, including client side attacks using flaws within the application. Different sets of open source tools will be used on each web application, allowing you to learn first hand the pros and cons of each tool. After you have gained experience with the Samurai-WTF tools, you will be challenged with a capture the flag event. This final challenge will give you time to practice your new skills at your own pace and experiment with your favorite new tools. This experience will help you gain the confidence and knowledge necessary to perform web application assessments and expose you to the wealth of freely available, open source tools.

==Student Requirements==

# Laptop with a functional DVD drive
# Latest VMware Player, VMware Workstation, or VMware Fusion installed
# Ability to disable all security software on their laptop such as Antivirus and/or firewalls
# Four (4) GB of hard drive space
# At least two (2) GB of RAM

==Objectives==
Audience: Management, Technical, Operations
Skill Level: Basic to Intermediate

1. Attendees will be able to explain the steps and methodology used in performing web application assessments and penetration tests. 2. Attendees will be able to use the open source tools on the Samurai-WTF CD to discover and identify vulnerabilities in web applications. 3. Attendees will be able to exploit several client-side and server-side vulnerabilities. 

==Instructor==

Justin Searle & Kevin Johnson

Justin is a Managing Partner of UtiliSec, specializing in Smart Grid security architecture design and penetration testing. Justin led the Smart Grid Security Architecture group in the creation of NIST Interagency Report 7628 and currently plays key roles in the Advanced Security Acceleration Project for the Smart Grid (ASAP-SG), National Electric Sector Cybersecurity Organization Resources (NESCOR), and Smart Grid Interoperability Panel (SGIP). Justin has taught courses in hacking techniques, forensics, networking, and intrusion detection for multiple universities, corporations, and security conferences, and is currently an instructor for the SANS Institute. In addition to electric power industry conferences, Justin frequently presents at top security conferences such as Black Hat, DEFCON, OWASP, and AusCERT. Justin co-leads prominent open source projects including the Samurai Web Testing Framework, Middler, Yokoso!, and Laudanum. Justin has an MBA in International Technology and is a CISSP and SANS GIAC certified Incident Handler (GCIH), Intrusion Analyst (GCIA), and Web Application Penetration Tester (GWAPT).

Kevin Johnson is a security consultant with Secure Ideas. Kevin came to security from a development and system administration background. He has many years of experience performing security services for fortune 100 companies, and in his spare time he contributes to a large number of open source security projects. Kevin's involvement in open-source projects is spread across a number of projects and efforts. He is the founder of many different projects and has worked on others. He founded BASE, which is a Web front-end for Snort analysis. He also founded and continues to lead the SamuraiWTF live DVD. This is a live environment focused on Web penetration testing. He also founded Yokoso and Laudanum, which are focused on exploit delivery. Kevin is a senior instructor for SANS and the author of Security 542: Web Application Penetration Testing and Ethical Hacking. He also presents at industry events, including DEFCON and ShmooCon, and for various organizations, like Infragard, ISACA, ISSA, and the University of Florida.

[[Category:AppSec_DC_2012_Training]]
{{:OWASP AppSec DC 2012 Footer}}

OWASP AppSec DC 2012/Training/Assessing and Exploiting Web Applications with Samurai-WTF

2012-01-26T04:07:46Z

Justin Searle:

__NOTOC__
{{:OWASP AppSec DC 2012 Header}}
==Description==
'''Course Length: 2 Day'''

Come take the official Samurai-WTF training course given by the two founders and lead developers of the project! You will learn the latest Samurai-WTF open source tools and as well as the latest techniques to perform web application penetration tests. After a quick overview of pen testing methodology, the instructors will lead you through the penetration and exploitation of various web applications, including client side attacks using flaws within the application. Different sets of open source tools will be used on each web application, allowing you to learn first hand the pros and cons of each tool. After you have gained experience with the Samurai-WTF tools, you will be challenged with a capture the flag event. This final challenge will give you time to practice your new skills at your own pace and experiment with your favorite new tools. This experience will help you gain the confidence and knowledge necessary to perform web application assessments and expose you to the wealth of freely available, open source tools.
==Student Requirements==
Laptop Required:
Students Need to Bring:
Nerf guns, assuming they make their return this year. ;-)

==Objectives==
Audience: Management, Technical, Operations
Skill Level: Basic

1. Attendees will be able to explain the steps and methodology used in performing web application assessments and penetration tests. 2. Attendees will be able to use the open source tools on the Samurai-WTF CD to discover and identify vulnerabilities in web applications. 3. Attendees will be able to exploit several client-side and server-side vulnerabilities. 
==Instructor==
Justin Searle & Kevin Johnson

Justin is a Managing Partner of UtiliSec, specializing in Smart Grid security architecture design and penetration testing. Justin led the Smart Grid Security Architecture group in the creation of NIST Interagency Report 7628 and currently plays key roles in the Advanced Security Acceleration Project for the Smart Grid (ASAP-SG), National Electric Sector Cybersecurity Organization Resources (NESCOR), and Smart Grid Interoperability Panel (SGIP). Justin has taught courses in hacking techniques, forensics, networking, and intrusion detection for multiple universities, corporations, and security conferences, and is currently an instructor for the SANS Institute. In addition to electric power industry conferences, Justin frequently presents at top security conferences such as Black Hat, DEFCON, OWASP, and AusCERT. Justin co-leads prominent open source projects including the Samurai Web Testing Framework, Middler, Yokoso!, and Laudanum. Justin has an MBA in International Technology and is a CISSP and SANS GIAC certified Incident Handler (GCIH), Intrusion Analyst (GCIA), and Web Application Penetration Tester (GWAPT).

Kevin Johnson is a security consultant with Secure Ideas. Kevin came to security from a development and system administration background. He has many years of experience performing security services for fortune 100 companies, and in his spare time he contributes to a large number of open source security projects. Kevin's involvement in open-source projects is spread across a number of projects and efforts. He is the founder of many different projects and has worked on others. He founded BASE, which is a Web front-end for Snort analysis. He also founded and continues to lead the SamuraiWTF live DVD. This is a live environment focused on Web penetration testing. He also founded Yokoso and Laudanum, which are focused on exploit delivery. Kevin is a senior instructor for SANS and the author of Security 542: Web Application Penetration Testing and Ethical Hacking. He also presents at industry events, including DEFCON and ShmooCon, and for various organizations, like Infragard, ISACA, ISSA, and the University of Florida.

[[Category:AppSec_DC_2012_Training]]
{{:OWASP AppSec DC 2012 Footer}}

User:Justin Searle

2011-02-11T03:12:30Z

Justin Searle:

Justin Searle is a member of the OWASP Global Project Committee and a Senior Security Analyst with [http://www.inguardians.com InGuardians], specializing in the penetration testing of web applications, networks, and embedded devices, especially those pertaining to the Smart Grid. Justin is an active member of ASAP-SG (Advanced Security Acceleration Project for the Smart Grid) and led the Smart Grid Security Architecture group in the creation of NIST Interagency Report 7628. Previously, Justin served as JetBlue Airway’s IT Security Architect, and has taught courses in hacking techniques, forensics, networking, and intrusion detection for multiple universities and corporations. Justin has presented at top security conferences including DEFCON, ToorCon, ShmooCon, and SANS. Justin co-leads prominent open source projects including the [http://samurai.inguardians.com Samurai Web Testing Framework], Middler, Yokoso!, and Laudnum. Justin has an MBA in International Technology and is a CISSP and SANS GIAC certified Incident Handler (GCIH), Intrusion Analyst (GCIA), and Web Application Penetration Tester (GWAPT).

Facebook: http://www.facebook.com/people/Justin-Searle/1533095958

LinkedIn: http://www.linkedin.com/in/meeas

Twitter: http://twitter.com/meeas