Hi,
you can start with XSS or Directory Trasversal, they are easy to exploit, check security focus for those vulnerabilities
 Christian Eric Eddjenguele
IT Security Software Developer & Researcher
--
Management, Developers, Security Professionals â?? can only result in one thingâ?¦â?¦ better security.
http://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference Sept 22nd-25th 2008
----- Messaggio originale -----
Da: "dimkovtrajce (at) yahoo (dot) com [email concealed]" <dimkovtrajce (at) yahoo (dot) com [email concealed]>
A: pen-test (at) securityfocus (dot) com [email concealed]
Inviato: Lunedì 18 agosto 2008, 15:13:13
Oggetto: a "good" vulnerability for educational purposes
Hi,
Our goal is to teach master students in computer security in pen testing remote servers.
As an exercise we want to introduce a vulnerability in IIS or Apache (or any other place you might suggest)which is recognizable with current vulnerability scanners(ex.nessus), but requires some coding/payload generation to exploit the vulnerability.
I am considering bugtracq, but there are many vulnerabilities there which i can not filter with the requirements above.
Can you point me to any "good" vulnerability for this purpose?
you can start with XSS or Directory Trasversal, they are easy to exploit, check security focus for those vulnerabilities
 Christian Eric Eddjenguele
IT Security Software Developer & Researcher
--
Management, Developers, Security Professionals â?? can only result in one thingâ?¦â?¦ better security.
http://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference Sept 22nd-25th 2008
----- Messaggio originale -----
Da: "dimkovtrajce (at) yahoo (dot) com [email concealed]" <dimkovtrajce (at) yahoo (dot) com [email concealed]>
A: pen-test (at) securityfocus (dot) com [email concealed]
Inviato: Lunedì 18 agosto 2008, 15:13:13
Oggetto: a "good" vulnerability for educational purposes
Hi,
Our goal is to teach master students in computer security in pen testing remote servers.
As an exercise we want to introduce a vulnerability in IIS or Apache (or any other place you might suggest)which is recognizable with current vulnerability scanners(ex.nessus), but requires some coding/payload generation to exploit the vulnerability.
I am considering bugtracq, but there are many vulnerabilities there which i can not filter with the requirements above.
Can you point me to any "good" vulnerability for this purpose?
Regards,
Trajce
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Top 5 Common Mistakes in
Securing Web Applications
Get 45 Min Video and PPT Slides
www.cenzic.com/landing/securityfocus/hackinar
------------------------------------------------------------------------
Posta, news, sport, oroscopo: tutto in una sola pagina.
Crea l'home page che piace a te!
www.yahoo.it/latuapagina
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Top 5 Common Mistakes in
Securing Web Applications
Get 45 Min Video and PPT Slides
www.cenzic.com/landing/securityfocus/hackinar
------------------------------------------------------------------------
[ reply ]