A Logo

Feel free to include my content in your page via my
RSS feed

Help Irongeek.com pay for
bandwidth and research equipment:

Subscribestar or Patreon

Search Irongeek.com:

Affiliates:
Irongeek Button
Social-engineer-training Button

Help Irongeek.com pay for bandwidth and research equipment:

paypalpixle


One Random Insecure Wep Application Please (ORIWAP) - Nancy Snoke (Circle City Con 2019 Videos) (Hacking Illustrated Series InfoSec Tutorial Videos)

One Random Insecure Wep Application Please (ORIWAP)
Nancy Snoke

@NancySnoke
Circle City Con 2019

You may need an insecure web application as part of yearly developer compliance training. You may need an insecure web application for a companywide contest for cyber security awareness month. Perhaps you just like playing with insecure web applications on the weekend. There are a variety of insecure web applications out there. If you have specific needs -- maybe XSS in VBScript as opposed to JavaScript --, or regular use-case where you want something similar to showcase the OWASP top 10 yet different topics and look every time. Then what is out there may not work for you. This talk introduces a new tool -- ORIWAP (One Random Insecure Web Application Please), which can randomly generate an insecure web application (the security features, visual style, and data -- users, passwords, forum postings, about page). If you don't like randomness you can specify some or all of the settings and an application will be generated. The talk will demo creating several new applications, and show the variety of options for creating the perfect insecure web application for you. This talk will also discuss how the code works for each area: security features, visual style, and data.

Nancy Snoke is currently a Senior IT Security Engineer with PGAC specializing in application security. Previously, she has worked as penetration tester and as senior software engineer focusing on application security. Nancy has previously spoken at Bsides, Skydogcon, Derbycon and NOLACON. She got her undergraduate degree in Computer Engineering in New Orleans at Tulane University, and her Masters in Computer Science at University of Illinois Urbana-Champaign.

Back to Circle City Con 2019 Videos list

Printable version of this article

15 most recent posts on Irongeek.com:


If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2020, IronGeek
Louisville / Kentuckiana Information Security Enthusiast