your web application is NOT secure

Darren Dirt · October 16, 2012, 10:04:10 AM

(probably)

https://www.owasp.org/index.php/Category:OWASP_WebGoat_Project

I just heard about this "WebGoat" project ( OWASP = the Open Web Application Security Project ); the 'Goat is a deliberately-vulnerable web app so developers can learn the various hacks and insecurities and thus plug the holes in their own applications.

more info: https://www.owasp.org/index.php/WebGoat_User_and_Install_Guide_Table_of_Contents

Mr. Analog · October 16, 2012, 02:14:12 PM

I've worked with a similar project (I think I linked it here a while back?) basically it sets up a test server and you can try out different techniques to better understand them, it's quite an interesting concept!

Darren Dirt · October 16, 2012, 04:09:40 PM

This one seems to go a step further, it has a description of a specific vulnerability and actually tells you how to exploit it (whether in general terms or specifics), so you can actually DO the hack and see what damage a hacker can do, then it helps you understand how to plug the hole.

Mr. Analog · October 16, 2012, 04:47:42 PM

Quote from: Darren Dirt on October 16, 2012, 04:09:40 PM
This one seems to go a step further, it has a description of a specific vulnerability and actually tells you how to exploit it (whether in general terms or specifics), so you can actually DO the hack and see what damage a hacker can do, then it helps you understand how to plug the hole.

It sounds very similar to what I was using.

Here's the link for what I was using (it was actually the first item in my bookmarks bar haha): http://google-gruyere.appspot.com/

Thorin · October 16, 2012, 05:19:43 PM

Yeah, I remember Gruyere. More holes than Swiss cheese.

Mmm, Swiss cheese. I could eat it on its own.

Also, security is really easy to do wrong. All it takes is one incorrectly implemented security feature out of a hundred that you might've implemented, and you're no longer secure. Assume that you will get broken into somehow at some point, and set up as many layers of defense as possible while still allowing commerce to occur.

Mr. Analog · October 16, 2012, 10:09:27 PM

Hah, oddly enough on the way home tonight I overheard some IT guys from a company I won't name talk about their lack of security, one of them said "all software is designed to have holes, that's how we get in to do things" (all three of these guys sounded like junior-ish cowboy coders).

They then started talking about how their security works, what authentication types were used, what server software they had and even potential attack vectors.

And at this point I recall that THE number ONE failure of SECURITY is human.

Through some basic social hacking I could probably find out more. I shook my head when I got off the train...

Darren Dirt · October 16, 2012, 10:31:00 PM

Quote from: Mr. Analog on October 16, 2012, 04:47:42 PM
It sounds very similar to what I was using.

Here's the link for what I was using (it was actually the first item in my bookmarks bar haha): http://google-gruyere.appspot.com/

Cool! Yes, it does sound similar. Can't hurt to jump through both sets of hoops, if you're interested in becoming an expert in hole-plugging.

...oh boy that was some poor choice of wording...

Mr. Analog · October 16, 2012, 10:32:27 PM

I take it in STRIDE though I DREAD your wording

Darren Dirt · October 16, 2012, 10:33:32 PM

'taint no big thing.

Mr. Analog · October 16, 2012, 10:39:25 PM

Threat Modelling: http://msdn.microsoft.com/en-us/library/ff648644.aspx

Tom · October 16, 2012, 11:33:16 PM

Quote from: Darren Dirt on October 16, 2012, 10:33:32 PM
'taint no big thing.

Perl disagrees.