close

Вход

Забыли?

вход по аккаунту

?

Vicnumdescription

код для вставкиСкачать
Vicnum –Description
OWASP
Mordecai Kraushar
CipherTechs
mo@ciphertechs.com
Auditor, Trainer
Education Project
The OWASP Foundation
http://www.owasp.org
Vicnum the basics
пЂј A vulnerable web app using LAMP
пЂґ Perl
пЂґ PHP
пЂј Packaged as a Ubuntu VMWare guest or as a zip
пЂј Open Source code released in 2009
пЂј An OWASP project
http://www.owasp.org/index.php/Category:OWASP_Vicn
um_Project
пЂј Available for download at
https://sourceforge.net/projects/vicnum/
 Online �playing’ possible at
http://vicnum.ciphertechs.com
OWASP
2
Vicnum – the game
– Based on a game played to kill time
пЂґYou enter your name to start playing the game
пЂґThe computer picks a three digit number with unique
digits
Player tries to guess the computer’s number
Computer remembers its number and the player’s
guesses
пЂґFor each guess the computer will tell the player:
“How many right and how many in the right
position” and the number of guesses so far
пЂґEventually number is guessed and the player is
prompted to store their results in a database
OWASP
3
Vicnum’s real goal
пЂј Have fun and generate interest in the field
пЂј A flexible lightweight vulnerable web application useful
to auditor’s honing their web app security skills
пЂј Easy to install, easy to grasp
пЂј Easy to modify
пЂґ Can be used to test out new hacks and new defenses
пЂґ Can be used to test whether a Web VA can detect a vulnerability
пЂґ Or whether a Web firewall can protect a vulnerability
пЂґ Can be tailored to address different auditor skill sets
 Can be tailored to accommodate different levels of �capture the
flag’ exercises
OWASP
4
Документ
Категория
Презентации
Просмотров
13
Размер файла
192 Кб
Теги
1/--страниц
Пожаловаться на содержимое документа