Monday, 31 October 2011

Australian Online Applications Are Secure?

The Australian Defence Signals Directorate (DSD) published the Top 35 Mitigation Strategies to:
  • "mitigate targeted cyber  intrusions.  The  list  is  informed by DSD’s experience  in operational cyber  security,  including  responding  to  serious  cyber  incidents  and  performing  vulnerability   assessments and penetration testing for Australian government agencies.

According to DSD:
  • "Rankings are based on DSD’s analysis of reported security incidents and vulnerabilities detected by DSD in testing the security of Australian Government networks. "
However, if you review the 35 strategies, there is no mention of the need to develop applications securely. SQL Injection, XSS etc. are all missing.

Does this mean that Aussie Apps are secure? Have they got it sorted? (Eventhough they seem to be crap at bog ball ++ (and struggle at rugby))



    Social: del.icio.us DiggIt! Reddit Stumble Google Bookmarks Technorati Slashdot

    Posted by alexisfitzg at 16:27 3 comments
    Labels: , ,

    Saturday, 8 October 2011

    Installing Hacking-Lab Live CD

    In preparation for the OWASP Switzerland meeting on October 11th you should try to install the Hacking-Lab live CD.

    These are the simple steps I followed on a Windows 7 laptop.

    • Dowload the Virtual Appliance OVA file to your laptop
    • Download and install the Oracle Virtual Box  application onto your laptop
    • Double-click the .ova file through Windows Explorer and the appliance import process should commence on the Virtual Box application. You should see something like Fig 1:
    Fig. 1: Oracle VM Virtual Box Manager

    •  In  theVirtual Box Manager left-hand pane double-click on the LiveCD-Hacking-Lab-V5.55 entry. The LiveCD should start and after a short while  the Welcome screen as shown in Fig 2 should appear.
    Fig 2: Welcome Screen
    You should be ready to go now at the OWASP meeting.

    Social: del.icio.us DiggIt! Reddit Stumble Google Bookmarks Technorati Slashdot

    Posted by alexisfitzg at 16:33 2 comments
    Labels: , ,

    Tuesday, 4 October 2011

    OWASP Switzerland Chapter Meeting - October 11th



     OWASP Switzerland Chapter Meeting
     
    When: October 11th, 17:00 - 19:00
    Where:   ITACS by Bitterli Consulting AG
                   Stampfenbachstrasse 40
                   CH-8006 Zurich

    Price: Free (but you need to reserve a place)

    Topic:
    Presentation of the OWASP Top 10 by Cyrill Brunschwiler from Compass
    Security (http://www.csnc.ch/en/) followed by a hands-on session.


    More Information: OWASP Switzerland 


    

    
Social:
del.icio.us
DiggIt!
Reddit
Stumble
Google Bookmarks
Technorati
Slashdot

    

    

    

    

    
Posted by
alexisfitzg


at
08:30


1 comments














    


    

    

    
Labels:
,



    

    


    

    

    

    

        
    
      

    


    

    

    
Subscribe to:
Posts (Atom)