Starting the New Year on the right foot

Published: 2013-01-02. Last Updated: 2013-01-02 02:10:37 UTC
by Chris Mohan (Version: 1)
0 comment(s)

 

Kick off the New Year by solving a hands-on adventure to fire up any dulled brain cells, lulled in to hibernation over the last few weeks’ festivities.
 
Ed Skoudis and Tim Medin created a fun, hands-on technical challenge providing a wonderful piece of learning and a number of marvellous trials to understanding uncover flaws in web applications. We, the defenders, need to understand the attackers approaches in seeking chinks in web application’s armour and manipulate flaws, mis-configuration and untested logic to their own ends; this mischievously engaging, and possibly enraging, puzzle helps build our skills.
 
Without further to-do, leap forth and battle Mr Skoudis’ and Medin’s Holiday Challenge:
 
http://pen-testing.sans.org/holiday-challenge/2012
 
Not sure what tools to use to get started understanding the nooks and crannies of the web applications? Kevin Johnston's, fellow ISC Handler, Samurai Web Testing Framework - a LiveCD focused on web application testing - is a perfect companion for this adventure. 
 
Have fun learning and practicing!
 
Setting up WTF Samurai on VMware:
http://blog.taddong.com/2012/09/how-to-create-samuraiwtf-20-virtual.html
 
[1] WTF Samurai download http://sourceforge.net/projects/samurai/ 
Ps the password for WTF Samurai is samurai [2]
[2] In case you forget: http://www.whatisthesamuraipassword.com/
 

 

Chris Mohan --- Internet Storm Center Handler on Duty

Keywords: challenge
0 comment(s)

Comments


Diary Archives