
Web Application Security Consortium Project Announcements

Subject: Web Application Security Consortium Project Announcements
Date: Mon, 4 Apr 2005 15:22:04 -0400 (EDT)
The Web Application Security Consortium (WASC) is pleased to present 
two project announcements, and a document update.  



1) "Web Application Security Statistics" Project
http://www.webappsec.org/projects/statistics/

The WASC Statistics Project is the first attempt at an industry-wide
collection of application vulnerability statistics in order to identify
the existence and proliferation of application security issues on 
enterprise websites. Anonymous data correlating vulnerability numbers 
and trends across organization size, industry vertical and geographic 
area are being collected and analyzed to identify the prevalence of 
threats facing today's online businesses. Such empirical data aims to
provide the first true statistics on application layer vulnerabilities.

Using the Web Security Threat Classification 
(http://www.webappsec.org/projects/threat/)
as a baseline, data is currently being collected and contributed by 
more than a half dozen major security vendors with the list of contributors 
growing regularly.


We are actively seeking others to contribute data.

If you would like to be involved with the project, please contact Erik
Caso (ecaso AT ntobjectives DOT com)



2) "Distributed Open Proxy Honeypot" Project
http://www.webappsec.org/projects/honeypots/

The WASC solution is to use one of the web attacker's most trusted
tools against him - the Open Proxy server.  Instead of being the target
of the attacks, we opt to be used as a conduit of the attack data in
order to gather our intelligence.  By deploying multiple, specially
configured open proxy servers (or proxypots), we aim to take a bird's-eye
look at the types of malicious traffic that traverse these systems.
The honeypot systems will conduct real-time analysis on the HTTP
traffic to categorize the requests into threat classifications outlined
by the Web Security Threat Classification 
(http://www.webappsec.org/projects/threat/)
and report all logging data to a centralized location.

If you would like to be involved with the project, please contact Ryan
Barnett (rcbarnett AT hushmail DOT com)



3) Web Security Threat Classification is now available in HTML format 
to make referencing and using the information easier.
http://www.webappsec.org/projects/threat/
 
