System Advancements at the Monastery

Learning By Doing: Challenges, Data Sets, and Practice Sites

Posted in Badstone, Bright Shadows, Challenges, DVL, DVWA, Date Sets, De-ICE, Enigma, Forensics, HBH, HTS, Hackerdemia, ISC, Moth, Mutillidae, Network Warfare, OWASP, OpenPacket.org, OverTheWire, StS, Vulnerability, Wargames, Web Application, WebGoat, pWnOS, pcapr, w3af on Aug 23rd, 2009

Security training is very important for any organization. When developing a training program, do not forget about the security staff. I am all for sending people to SANS and other company’s security courses. Once your people come back, how will they practice what they have learned? Hopefully, everyday at work does not involve tracking inventive [...]

Read Full Post »

WebGoat, Lua, and ModSecurity verses Password Guessing

Posted in Apache, Learning, Lua, ModSecurity, OWASP, Vulnerability, Web Application, WebGoat on Jan 10th, 2009

Happiness abandoned Twitter this week as it was revealed that an 18-year-old was able to use an automated password-guesser to break into an account. Twitter allowed for an unlimited number of log-in attempts. The hacker used a simple dictionary attack that revealed at 11:00am Monday the password of “happiness.” Once the hacker [...]

Read Full Post »

News Flash: NoScripts Helps Fight Clickjacking 0-Day

Posted in Clickjacking, News, NoScript, OWASP, Web Application on Sep 26th, 2008

Robert “RSnake” Hansen and Jeremiah Grossman were to present at OWASP AppSec NY 2008. Unfortunately, their presentation involving clickjacking was effectively canceled at the request of the vendor Adobe. In addition to Adobe, RSnake and Grossman have discussed the vulnerability with Microsoft and Mozilla. OWASP ended up having a clickjacking 20-Questions session [...]

Read Full Post »