Latest revision as of 21:00, 24 September 2017
OWASP Southern Maryland
Welcome to the Southern Maryland chapter homepage. The chapter leaders are Larry Conklin and David Sanborn.
Local News
Meeting Location
Southern Maryland Higher Education Center, 44219 Airport Road, California, MD 20619
Next meeting is being planned.

Round One trivia results
6 questions, 11 points possible; every question is worth 2 points except the movie question, which is worth 1 point.
Angela 3
2nonprogrammers 5
no name 7
Buddha 7
Superbad 7
no name 7
no name 7
intelligence 5
1. What is passive research?
A. It's when a pen tester conducts their work without much effort
B. It alerts for situations such as database errors, which facilitates an organization to ensure confidentiality and integrity
C. It's when security information is gathered about an organization from totally public sources, such as surfing the web
D. It's exploring a network and its operating systems to get an idea of how it's all configured
Answer: C. https://www.owasp.org/index.php/Testing:_Introduction_and_objectives
2. What was the first movie to feature computer hacking? WarGames
3. What does the following command achieve? (Typed as two lines, followed by an empty line to end the request.)
telnet <IP address> 80
HEAD / HTTP/1.0
a) This command returns the home page for the IP address specified
b) This command opens a backdoor Telnet session to the IP address specified
c) This command allows a hacker to determine the site's security
d) This command is bogus and will accomplish nothing
Answer: c). A HEAD request returns only the response headers, and it is headers such as Server and X-Powered-By in that reply that disclose the web server software and version to the tester.
https://books.google.com/books?id=N-4XDAAAQBAJ&pg=PT319&lpg=PT319&dq=telnet+ip+address+port+80+head+http/1.0&source=bl&ots=-kPqPRHEjG&sig=JEln91esv_wX5RH-u5Vf1j_gOiU&hl=en&sa=X&ved=0ahUKEwib0I2G1bnWAhVCSCYKHUKtBU0Q6AEIXzAJ#v=onepage&q=telnet%20ip%20address%20port%2080%20head%20http%2F1.0&f=false
4. Why would you consider sending an email to an address that you know does not exist within the company you are performing a Penetration Test on?
a) To determine who is the holder of the root account
b) To perform a DoS attack
c) To create needless SPAM
d) To elicit a response back that will reveal information about email servers and how they treat undeliverable mail
e) To evaluate the virus protection
Answer: d). https://www.aiotestking.com/ec-council/why-would-you-consider-sending-an-email-to-an-address-that-you-know-does-not-exist-within-the-company-you-are-performing-a-penetration-test-for/
5. A hacker believes an application is vulnerable to SQL injection. Using blind SQL injection, complete this URL so that the hacker knows the application is vulnerable to blind SQL injection: http://newspaper.com/items.php?id=2 and ???????????
Answer: 1=1, giving http://newspaper.com/items.php?id=2 and 1=1. That request should render exactly as id=2 alone does, while the companion request id=2 and 1=2 should come back different (empty page or error). It is the difference between the two responses, not the single request, that confirms the injection.
Answer is here https://www.owasp.org/index.php/Blind_SQL_Injection
Also https://www.owasp.org/index.php/Testing_for_SQL_Injection_(OTG-INPVAL-005)#Summary
6. What is the hacker trying to learn by adding each of the following ANDs to the SQL statement "SELECT name FROM TableOne WHERE id=2"?
a) AND ('aa'=CONCAT('a','a'))
b) AND 'a'='a'||'a'
c) AND 'aa'='a'+'a'
Answer: which database engine is in use. Each probe relies on string-concatenation syntax that only one family accepts: CONCAT() for MySQL, || for Oracle and PostgreSQL, + for Microsoft SQL Server. The probe that leaves the page unchanged (the condition stays true) identifies the engine; the others produce an empty page or an error.
Answer is here https://www.owasp.org/index.php/OWASP_Backend_Security_Project_DBMS_Fingerprint
Also https://www.owasp.org/index.php/Testing_for_SQL_Injection_(OTG-INPVAL-005)#Fingerprinting_the_Database and
http://www.sqlinjection.net/database-fingerprinting/
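The following is an added example covering questions 5 and 6 together; it is not the chapter's code. It models items.php with a deliberately vulnerable query over a throw-away in-memory SQLite table (the SQLite target, the table contents and the page strings are assumptions so that it runs offline), runs the 1=1 / 1=2 pair from question 5 against both the vulnerable page and a parameterised fix, and then applies the three concatenation probes from question 6. The engine labels follow the OWASP DBMS fingerprint page; SQLite happens to share the || operator with PostgreSQL and Oracle, so that is the family the probes classify it into.

```python
"""Boolean-based blind SQL injection check and DBMS fingerprinting by
concatenation syntax, run against an in-memory SQLite table."""
import sqlite3

# Constructed sample data standing in for the newspaper's items table.
DB = sqlite3.connect(":memory:")
DB.execute("CREATE TABLE items (id INTEGER PRIMARY KEY, name TEXT)")
DB.executemany("INSERT INTO items VALUES (?, ?)",
               [(1, "Sports"), (2, "Local news"), (3, "Weather")])


def vulnerable_page(id_param: str) -> str:
    """Like items.php?id=...: the parameter is pasted into the SQL text."""
    try:
        row = DB.execute(f"SELECT name FROM items WHERE id={id_param}").fetchone()
    except sqlite3.Error:
        return "Error"
    return row[0] if row else "Not found"


def hardened_page(id_param: str) -> str:
    """Same lookup with a bound parameter: the payload is data, never SQL."""
    try:
        row = DB.execute("SELECT name FROM items WHERE id=?", (id_param,)).fetchone()
    except sqlite3.Error:
        return "Error"
    return row[0] if row else "Not found"


def is_blind_injectable(page, base_id: str = "2") -> bool:
    """'and 1=1' alone proves nothing; it must leave the page unchanged while
    its twin 'and 1=2' changes it. Identical output for both means the input
    is not reaching the query (or is being filtered)."""
    true_page = page(f"{base_id} and 1=1")
    false_page = page(f"{base_id} and 1=2")
    return true_page == page(base_id) and true_page != false_page


# Probe -> engine family whose concatenation syntax makes the condition true.
PROBES = {
    "MySQL":             "'aa'=CONCAT('a','a')",
    "PostgreSQL/Oracle": "'aa'='a'||'a'",
    "MS SQL Server":     "'aa'='a'+'a'",
}


def fingerprint(page, base_id: str = "2") -> dict:
    """Append each probe with AND; True means the page stayed identical."""
    baseline = page(base_id)
    return {engine: page(f"{base_id} and ({probe})") == baseline
            for engine, probe in PROBES.items()}


if __name__ == "__main__":
    print("vulnerable page injectable:", is_blind_injectable(vulnerable_page))
    print("hardened page injectable:  ", is_blind_injectable(hardened_page))
    print("fingerprint:", fingerprint(vulnerable_page))
```

On the hardened page the bound value "2 and 1=1" is compared to the integer column as text, so both requests return "Not found" and the differential check reports no injection. The MySQL probe's result depends on the SQLite version (CONCAT() exists only in recent releases), which is itself a reminder that a single probe is weaker than the full set.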
Everyone is welcome to join us at our chapter meetings.
Participation
OWASP Foundation (Overview Slides) is a professional association of global members and is open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter_Leader_Handbook. As a 501(c)(3) non-profit professional association your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.
Sponsorship/Membership
to this chapter or become a local chapter supporter. Or consider the value of Individual, Corporate, or Academic Supporter membership. Ready to become a member?
You can follow us on Twitter as @somdowasp
Local News
Meeting Location
Southern Maryland Higher Education Center, 44219 Airport Road, California, MD 20619
Date/Time: September 21, 2017, 6:00PM