Saturday, June 20, 2009

OWASP Top 5 and Mutillidae

Intro to common web vulnerabilities like Cross Site Scripting (XSS), SQL/Command Injection Flaws, Malicious File Execution/RFI, Insecure Direct Object Reference and Cross Site Request Forgery (CSRF/XSRF)

This is a recording of the presentation I gave to the Louisville Chapter of OWASP about the Mutillidae project. A while back I wanted to start covering more web application pen-testing tools and concepts in some of my videos and live classes. Of course, I needed vulnerable web apps to illustrate common web security problems. I like the WebGoat project, but sometimes it's a little hard to figure out exactly what they want you to do to exploit a given web application, and it's written in J2EE (not a layman friendly language). In an attempt to have something simple to use as a demo in my videos and in class, I started the Mutillidae project. This is a video covering the first 5 of the OWASP Top 10.

Video and More Info

No comments: