Learning by Breaking: A New Project Insecure Web Apps

The presentation

The idea of creating web applications with intentional vulnerabilities is nothing new. It seems that everyone created at least one such application around the turn of the millennium. The problem is, most of those applications haven't been updated since then. In addition to being dated, these applications are largely closed source, can be complicated to set up, and often conflict with one another. In an effort to address these issues, this talk will describe a new infrastructure for creating and running a variety of open source, vulnerable web applications that all co-exist on a single virtual machine.

The speakers

Chuck Willis is a Technical Director with MANDIANT (http://www.mandiant.com/), a full spectrum information security company in Alexandria, Virginia, where he concentrates in web application security, research, and development. Prior to joining MANDIANT, Chuck performed security software engineering, penetration testing, and vulnerability assessments at a large government contractor and also conducted computer forensics and network intrusion investigations as a U.S. Army Counterintelligence Special Agent. Chuck holds a Master of Science in Computer Science from the University of Illinois at Urbana-Champaign and has previously spoken at the Black Hat Briefings, the OWASP AppSec Conference, the IT Underground security conference in Europe, DefCon, and ShmooCon. Chuck has contributed to several open source security software projects and is a member of the Open Web Application Security Project, a Certified Information Systems Security Professional, and a Certified Forensic Computer Examiner.