Revision as of 20:32, 24 September 2017

OWASP Southern Maryland

Welcome to the Southern Maryland chapter homepage. The chapter leader is Larry Conklin and David Sanborn.

Local News

Meeting Location
 Southern Maryland Higher Education Center 44219 Airport Road, Califorina, MD 20619
 Next meeting is being planned
 Round One trivia Results
 6 question possible 11 points possible, all question 2 points except movie question, 1 point only.

  Angela 3
  2nonprogrammers 5
  no name 7 
  Buddha 7
  Superbad 7
  no name 7
  no name 7
  intelligence 5

1.	What is passive research?
A.	It's when a pen tester conducts their work without much effort
B.	It alerts for situations such as database errors, which facilitates an organization to ensure confidentiality and integrity
C.	It's when security information is gathered about an organization from totally public sources, such as surfing the web
D.	It's exploring a network and its operating systems to get an idea of how it's all configured

https://www.owasp.org/index.php/Testing:_Introduction_and_objectives

2.	What was the first movie to feature computer hacking?

WarGames

3.	What does the following command achieve? Telnet <IP Address> <Port 80> HEAD /HTTP/1.0
a)	This command returns the home page for the IP address specified
b)	This command opens a backdoor Telnet session to the IP address specified 
c)	This command allows a hacker to determine the site’s security
d)	This command is bogus and will accomplish nothing

https://books.google.com/books?id=N-4XDAAAQBAJ&pg=PT319&lpg=PT319&dq=telnet+ip+address+port+80+head+http/1.0&source=bl&ots=-kPqPRHEjG&sig=JEln91esv_wX5RH-u5Vf1j_gOiU&hl=en&sa=X&ved=0ahUKEwib0I2G1bnWAhVCSCYKHUKtBU0Q6AEIXzAJ#v=onepage&q=telnet%20ip%20address%20port%2080%20head%20http%2F1.0&f=false

4.	Why would you consider sending an email to an address that you know does not exist within the company you are performing a Penetration Test on?
a)	To determine who is the holder of the root account
b)	To perform a DoS attack
c)	To create needless SPAM
d)	To illicit a response back that will reveal information about email servers and how they treat undeliverable mail
e)	To evaluate the virus protection

Answer https://www.aiotestking.com/ec-council/why-would-you-consider-sending-an-email-to-an-address-that-you-know-does-not-exist-within-the-company-you-are-performing-a-penetration-test-for/

5.	Hacker believes application is vulnerable to SQL injection. Using SQL Blind injection finish this SQL Statement. http://newspaper.com/items.php?id=2 and ??????????? so he knows yes the application is vulnerable to blind SQL injection 

Answer is here https://www.owasp.org/index.php/Blind_SQL_Injection Also https://www.owasp.org/index.php/Testing_for_SQL_Injection_(OTG-INPVAL-005)#Summary

6. What is the hacker trying to learn by adding each AND to the SQL statement “SELECT name FROM TableOne where id=2 “?

	AND ('aa'=CONCAT('a','a')) 
	AND 'a'='a' 

Participation

OWASP Foundation (Overview Slides) is a professional association of global members and is open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter_Leader_Handbook. As a 501(c)(3) non-profit professional association your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.

Sponsorship/Membership

to this chapter or become a local chapter supporter. Or consider the value of Individual, Corporate, or Academic Supporter membership. Ready to become a member?

Twitter

Local News

Meeting Location
 Southern Maryland Higher Education Center 44219 Airport Road, Califorina, MD 20619
Date/Time: 
 September 21, 2017, 6:00PM