https://wiki.owasp.org/api.php?action=feedcontributions&feedformat=atom&user=RdseceOWASP - User contributions [en]2026-05-20T11:48:59ZUser contributionsMediaWiki 1.27.2https://wiki.owasp.org/index.php?title=AltoroMutual&diff=245175AltoroMutual2018-11-15T18:29:01Z<p>Rdsece: Spelling Mistake</p>
<hr />
<div>__TOC__<br />
<br />
AltoroMutual is an vulnerable-by-design web application created by WatchFire (now AppScan Standard) as a demo test application for their BlackBox Scanner.<br />
<br />
===URL===<br />
The AltoroMutual web application can be reach on http://demo.testfire.net/ and it is commonly used to test BlackBox Scanners (IBM's AppScan Standard Evaluation version is hard-coded to only allow this website)<br />
<br />
===Source Code===<br />
The C# source code for AltoroMutual is currently not publicly available.<br />
<br />
===Vulnerabilties===<br />
There are number of vulnerabilities (as described in the [[OWASP Top 10]]) in this application.<br />
<br />
The objective on this WIKI page is to provide detailed explantion of its exploit vector and how it could be protected (WAF or code changes)<br />
<br />
====External resources====<br />
Here are a number of resources that map the current vulnerabilities in AltoroMutual:<br />
* [http://www.jedimercer.com/filez/WebApp_Throwdown/webapp%20throwdown%20-%20core%20impact.pdf Core Impact Professional assessment report]<br />
* http://parsonsisconsulting.wordpress.com/2010/11/25/sql-injection-with-02-and-google-database-plugin/<br />
* http://parsonsisconsulting.wordpress.com/2010/11/24/the-power-of-02-scripting/<br />
<br />
[[Category:OWASP O2 Platform]]</div>Rdsecehttps://wiki.owasp.org/index.php?title=User:Rdsece&diff=221102User:Rdsece2016-09-08T07:23:41Z<p>Rdsece: </p>
<hr />
<div>My Name is Ramandeep Singh. Pursuing Masters in Information Security from Chicago, USA. Worked as an Information Security Consultant with a Forensic Science Laboratory in India for 2 Years, where I was dealing with the exhibits from Court Of Law, given my expert opinion of more than 500 cases successfully. My major role was to investigate the crime scene, maintaining the chain of custody, then analysis of the Digital evidences seized from the crime scene. I have experience on working with various Digital Forensic Toolkits and Mobile Forensic Toolkits like Encase Forensics, UFED Touch, AccessData FTK etc. Some of my certifications includes CHFI, CEH, CompTIA Security+, CompTIA Networking+,CompTIA A+.</div>Rdsece