Wednesday, March 14, 2012

OWASP Hacking-Lab

Dear OWASP leaders,

As you might know, Hacking-Lab is providing free OWASP TOP 10 hands-on challenges to the OWASP community. This is an inner service of GEC (Global Education Committee) as part of the Academy Portal project.

Vulnerabilities in the frameworks and libraries an application uses, like the Apache Struts vulnerability, do not have a prominent place in the OWASP TOP 10 list, but the Struts issue is very important because of its remote code execution characteristic. Hacking-Lab has written a vulnerable Apache Struts service and a tutorial video. Check it out.

I think it is important to discuss library and dependency risks.

Please watch the tutorial here:
* http://media.hacking-lab.com/movies/struts2/

Please read more about the Apache vulnerability here:
* http://struts.apache.org/2.x/docs/s2-009.html

Please try it out and mess around in Hacking-Lab (if you like, it's free!):
* https://www.hacking-lab.com/events/registerform.html?eventid=199

Looking forward to hearing from you
Ivan Buetler, Switzerland
