Ring in the new year with web app security chit chat and a hands-on introduction to the Web Security Dojo (https://dojo.mavensecurity.com/).
Web Security Dojo is a free open-source training environment for learning and practicing web app security testing. It is ideal for self-paced learning and skill assessment, as well as training classes and conferences since it does not need a network to function. Web Security Dojo contains tools, targets, and documentation pre-installed within a single virtual machine image suitable for VirtualBox or VMware.
This presentation will introduce the audience to the Web Security Dojo, and demonstrate how to get up and running in a few easy steps. Participants are encouraged to follow along as the Web Security Dojo is put through its paces locating and exploiting cross-site scripting (XSS) and SQL injection flaws. The flaws and their potential impacts will be explained (and demonstrated) for those not familiar with web app security.
Anyone wishing to follow along during the presentation should bring a laptop computer so that they can run the Web Security Dojo virtual machine. Student system requirements are simple:
- Any operating system that can run the latest stable version of VirtualBox (free from http://www.virtualbox.org/). Currently supported operating systems include Windows, Mac, and Linux.
- 5 GB of free HD storage
- 2 GB of RAM (more is better)
Before the presentation please:
1) Install the latest stable version of VirtualBox. Optionally you may also install the latest version of “Oracle VM VirtualBox Extension Pack”. Both are free and found here: http://www.virtualbox.org/wiki/Downloads
2) Download the VMware image of Web Security Dojo from here: http://goo.gl/Ocx6xA
This is a virtual machine image (.OVA file).
3) (Optional but recommended) Importing and starting this image will be covered during the presentation, but it is best if you try ahead of time in case there are some conflicts with your setup (such as virtualization capabilities disabled in your BIOS). To try the import process, start VirtualBox, use “File > Import Appliance”, and select the .OVA file downloaded above. Accept the default settings. The import process takes about 3 to 5 minutes.